Malware that crippled computers in the Ukraine and around the world is believed to have been distributed through the update mechanism of the M.E.Doc tax and accounting software. Credit: Peter Sayer/IDG Ukraine’s Cyber Police have intervened to prevent further cyberattacks in the wake of last week’s global attack, initially considered to be ransomware and called by various names including NotPetya.The attack affected businesses around the world, but Ukraine was hit particularly hard because, security researchers believe, the initial attacks were disguised in an automatic update to the MEDoc tax and accounting software widely used in the country.A backdoor could have have been introduced into M.E.Doc as early as May 15, the police said, after one of the developer’s computers was taken over.Police said Wednesday that they had seized computers and software from M.E.Doc’s developer after spotting fresh signs of malicious activity, and have taken the items away for analysis. They hope this will put an end to further uncontrolled distribution of the NotPetya malware (also referred to as Diskcoder.c, ExPetr, PetrWrap and Petya) used in the previous attack, they said. Although the malware was initially labelled as ransomware, it appears incapable of unlocking the files it has encrypted.Ukrainian police now believe that aspect was just a diversionary tactic. One hypothesis the investigators are considering is that the malware was created by state actors with the goal of destabilizing the country. The police recommended that anyone with the M.E.Doc software on their computer immediately stop using it and disconnect it from their network. They hope their analysis of the materials seized this week will lead to the creation of a tool for identifying, and perhaps reversing the effects of, the malware. Related content news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Government Government news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security news Immersive Labs adds custom 'workforce exercising' for each organizational role With the new workforce exercising capability, CISOs will be able to see each role’s cybersecurity readiness, risk areas, and exercise progress. By Shweta Sharma Sep 27, 2023 3 mins Security Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe