Ukrainian man arrested for distributing NotPetya ransomware




Ukrainian police arrested a 51-year-old man from Nikopol, Dnipropetrovsk region, on charges of spreading the NotPetya ransomware.

Police arrested the man on August 5th, and the cyber police and the interior ministry of Ukraine claiming he is not accused of causing the massive attack with NotPetya by the end of June, but for events after that.

The suspect has not created NotPetya

According to authorities, the man has published a version of Petya.A - one of the technical terms used by Ukrainian police to describe the NotPetya ransomware strain, together with Diskcoder.C.

The suspect has uploaded a copy of the NotPetya executable file to a file sharing server and has distributed a link to this page through his social media accounts along with written and video instructions on how to download and use it to infect a computer.

He confessed to his actions. The man has spread links to video clips among Ukrainian companies as a way to getting a tax reporting delay from Ukrainian tax authorities.

The Ukrainian newspaper "Strana" has identified the person as Sergey Neverev. He is an IT specialist and his NotPetya installation tutorials are still available on YouTube.




Neverev has been accused of spreading links to the ransomware and charged with "unauthorized interference with the operation of computing systems." If convicted, he may be sentenced to three years in prison. In previous official statements, the Ukrainian authorities accused Russian secret services of having participated in the global NotPetya infection.

Ukraine gave NotPetya victims a tax reporting delay

This ransomware infected mostly Ukrainian companies using M.E.Doc accounting software, most of which failed to recover their files.

For this reason, the Ukrainian state tax service allowed the companies affected by NotPetya to extend the tax reporting deadline for various operations to December 31, 2017.

According to Ukrainian cyber police, more than 400 users have downloaded the NotPetya version, distributed by the 51-year-old suspect.

Would you like to comment on this article?



Latest news


Industrial cobots can be hacked

IOActive`s cybersecurity specialists have discovered how a remote hacker can hack industrial collaborative robots.


2 infected apps are available for download via the Google Play Store

Cybersecurity experts have discovered two malware-infected apps on the official Google Play Store that are still available for download.


Cybersecurity company warns of new cyber-attacks against Ukraine

Ukraine could be a target of a NotPetya-style attack aimed at destabilizing the country just as it celebrates its 1991 independence from the Soviet Union.

Sign up for our online newsletter!