Ukrainian police arrested a 51-year-old man from Nikopol, Dnipropetrovsk region, on charges of spreading the NotPetya ransomware.
Police arrested the man on August 5th, and the cyber police and the interior ministry of Ukraine claiming he is not accused of causing the massive attack with NotPetya by the end of June, but for events after that.
The suspect has not created NotPetya
According to authorities, the man has published a version of Petya.A - one of the technical terms used by Ukrainian police to describe the NotPetya ransomware strain, together with Diskcoder.C.
The suspect has uploaded a copy of the NotPetya executable file to a file sharing server and has distributed a link to this page through his social media accounts along with written and video instructions on how to download and use it to infect a computer.
He confessed to his actions. The man has spread links to video clips among Ukrainian companies as a way to getting a tax reporting delay from Ukrainian tax authorities.
The Ukrainian newspaper "Strana" has identified the person as Sergey Neverev. He is an IT specialist and his NotPetya installation tutorials are still available on YouTube.
Neverev has been accused of spreading links to the ransomware and charged with "unauthorized interference with the operation of computing systems." If convicted, he may be sentenced to three years in prison. In previous official statements, the Ukrainian authorities accused Russian secret services of having participated in the global NotPetya infection.
Ukraine gave NotPetya victims a tax reporting delay
This ransomware infected mostly Ukrainian companies using M.E.Doc accounting software, most of which failed to recover their files.
For this reason, the Ukrainian state tax service allowed the companies affected by NotPetya to extend the tax reporting deadline for various operations to December 31, 2017.
According to Ukrainian cyber police, more than 400 users have downloaded the NotPetya version, distributed by the 51-year-old suspect.