By Jack Stubbs and Pavel Polityuk
KIEV (Reuters) – Ukrainian company Intellect Service was not responsible for last week’s international cyber attack that brought down the computer systems of several major companies, the father and daughter team told Reuters on Monday.
Cyber security investigators are still trying to establish who was behind the attack.
But Ukrainian officials and security firms including Microsoft <MSFT.O>, Cisco’s <CSCO.O> Talos and Symantec <SYMC.O> say they have confirmed that some of the initial infections occurred when malware was transmitted to users of a Ukrainian tax software program called M.E.Doc.
They say the virus, dubbed NotPetya by some experts, was primarily spread via an update issued by M.E.Doc, the accounting software developed by Olesya Linnik and her father Sergei at his company, Intellect Service.
In their first interview with foreign media since the attack, the Linniks said there was no evidence M.E.Doc, which is Ukraine’s most-popular accounting software, was used to spread the virus and they did not understand the charges against them.
“What has been established in these days, when no one slept and only worked? We studied and analysed our product for signs of hacking – it is not infected with a virus and everything is fine, it is safe,” said Olesya, managing partner at Intellect Service.
“The update package, which was sent out long before the virus was spread, we checked it 100 times and everything is fine.”
Little known outside Ukrainian accounting circles, M.E.Doc is an everyday part of life at around 80 percent of companies in Ukraine. The software allows its 400,000 clients to send and discuss financial documents between internal departments, as well as file them with the Ukrainian state tax service.
Investigators have said M.E.Doc’s expansive reach is what made it a prime target for the unknown hackers, who were looking for a way to infect as many victims as possible.
“These malware families were spread using Ukrainian accounting software called M.E.Doc,” researchers at Slovakian security software firm ESET said in a blog post on Friday.
“M.E.Doc has an internal messaging and document exchange system so attackers could send spearphishing messages to victims.”
Ukrainian police said on Monday the Linniks could now face criminal charges if it is confirmed they knew about the infection but took no action.
“We have issues with the company’s leadership, because they knew there was a virus in their software but didn’t do anything … if this is confirmed, we will bring charges,” Serhiy Demedyuk, the head of Ukraine’s cyber police, told Reuters in a text message.
Speaking before Demedyuk’s comments at the company’s modest offices on an industrial estate in Kiev, Sergei, Intellect Service’s general director, raised his voice in frustration.
“We built this business over 20 years. What is the point of us killing our own business?”
Olesya said the company was cooperating with investigators and the police were yet to reach any conclusions.
“The cyber police are currently bogged down in the investigation, we gave them the logs of all our servers and there are no traces that our servers spread this virus,” she said.
“M.E.Doc is a transportation product, it delivers documents. But is an email program guilty in the distribution of a virus? Hardly.”
(Writing by Jack Stubbs; Editing by Anna Willard)