A 51-year-old Ukrainian man has been arrested on suspicion of distributing the notorious Petya/NotPetya malware, infecting around 400 computers.
The unnamed man, a resident of Nikopol, was cuffed and his house raided after he apparently posted a video in which he provided a detailed description of how to launch Petya.A as well as a link via which to get the download.
However, it doesn’t look like the police suspect the man of involvement in the infamous outbreak of NotPetya in June, which has been blamed squarely on the shoulders of Russian state-linked hackers.
In an unusual twist, police searching the suspect’s home claimed to have found a list of companies that they said had downloaded the malware deliberately.
This is because the government allowed companies infected by the malware an extension on this year’s tax return deadline; so by infecting their machines, they could theoretically escape potential state fines.
There’s no mention in the police statement whether the cops suspect him of any involvement in the massive malware outbreak which caused destruction across the globe.
It’s believed now that the ransomware itself was actually cover for an attack designed to cripple Ukrainian businesses the day before Ukraine’s Constitution Day.
It wiped the Master Boot Record of affected machines so that they became unrecoverable.
The threat then spread globally because some multi-nationals had VPN links into branch offices or partner organizations inside the Eastern European country, it has been claimed.
Major global organizations including Danish shipper Maersk, German drug-maker Merck and international law firm DLA Piper were among those affected.
Also hit was UK consumer goods giant Reckitt Benckiser, which admitted in a statement in July that that the attack disrupted its “ability to manufacture and distribute products to customers in multiple markets across the RB Group.”
That could result in a revenue hit of up to £100m, it claimed.