05 July 2017 - Police seize servers from software firm, prevent malware attack

Intellect Service
Source - http://ransomware.databreachtoday.com/police-seize-backdoored-firms-servers-to-stop-attacks-a-10083?rf=2017-07-05_ENEWS_SUB_BIS_Slot1&mkt_tok=eyJpIjoiTkdRMk1HRmtaalkyWVdNMCIsInQiOiJOXC8yKzhtT2VCOTY3dWJRQmZpdXlcL1pGMTRRaUFwcUgrOVZNb28yNFMxWTFLYURoRXNueGhvZ
Where - Ukraine
Business line - Information Technology

Ukrainian police have seized servers from a family-run software development company in Ukraine to prevent what they believed to be an imminent malware attack.

The firm, Intellect Service, develops software for accounting and bookkeeping used by 80% of Ukrainian businesses.

A Slovakian-based security firm claims that a backdoor source code had been added to a number of versions of the firm’s software, which was due to be automatically sent to its 400,000 customers via an update.

Intellect Service has denied any wrongdoing and has promised customers it will restore its updating services within 24 hours.

Ukraine Interior Minister Arsen Avakov has blamed the attack attempt on Russia. Russian officials have denied the allegations.

Ukraine's national cyber police advised customers “to stop using the ME Doc software and turn off the computer on which it is installed,” and also to change all passwords linked to the service.

Hackers are understood to have been using the backdoor to spread malware viruses including the NotPetya virus which affected many US and European organisations at the end of June. The seizure of the servers is believed to have prevented widespread infection through a scheduled update.

Intellect Service is understood to have first been warned about the issue in May. Many security specialists are now questioning whether the firm’s cyber security measures are sufficient considering the number of customers it serves. It is not the first time the firm has been affected by malware – in 2015 it released a statement about another virus that had impacted the same accounting software.