The Ukrainian software firm at the centre of a cyber attack that spread around the world last week said on Wednesday that computers which use its accounting software are compromised by a so-called "backdoor" installed by hackers during the attack.
The backdoor has been installed in every computer that wasn't offline during the cyber attack, said Olesya Bilousova, the chief executive of Intellect Service, which developed M.E.Doc, Ukraine's most popular accounting software.
Last week's cyber attack spread from Ukraine and knocked out thousands of computers, disrupting shipping and shut down a chocolate factory in Australia as it reached dozens of countries around the world.
Ukrainian politicians were quick to blame Russia for a state-sponsored hack, which Moscow denied, while Ukranian cyber police and some experts say the attack was likely a smokescreen for the hackers to install new malware.
The Ukrainian police have seized M.E.Doc's servers and taken them offline. On Wednesday morning they advised every computer using M.E.Doc software to be switched off. M.E.Doc is installed in around 1 million computers in Ukraine, Bilousova said.
"... the fact is that this backdoor needs to be closed. There was a hacking of servers," Bilousova told reporters.
"As of today, every computer which is on the same local network as our product is a threat. We need to pay the most attention to those computers which weren’t affected (by the attack). The virus is on them waiting for a signal. There are fingerprints on computers which didn’t even use our product."
Ukrainian Interior Minister Arsen Avakov says that authorities have avoided a second cyberattack.
The announcement suggests that the effort to wreak electronic havoc across Ukraine is ongoing.
Ukraine is still trying to find its feet after scores or even hundreds of businesses and government agencies were hit by an explosion of data-scrambling software on June 27.
Avakov said in a statement posted to his Facebook page that what he described as the second stage of that malware attack had been timed to hit its peak at 4 PM Ukraine time yesterday.
Avakov said that, like the first attack, yesterday's originated from the Ukrainian tax firm ME Doc.
Today's announcement adds clarity to Cyberpolice's midnight announcement that they had raided ME Doc and seized the company's servers.
){kind=small}
){kind=small}
){kind=small}
){kind=spacer}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
 "cyber")
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}