Ukrainian man arrested for distributing NotPetya ransomware




Ukrainian police arrested a 51-year-old man from Nikopol, Dnipropetrovsk region, on charges of spreading the NotPetya ransomware.

Police arrested the man on August 5th, and the cyber police and the interior ministry of Ukraine claiming he is not accused of causing the massive attack with NotPetya by the end of June, but for events after that.

The suspect has not created NotPetya

According to authorities, the man has published a version of Petya.A - one of the technical terms used by Ukrainian police to describe the NotPetya ransomware strain, together with Diskcoder.C.

The suspect has uploaded a copy of the NotPetya executable file to a file sharing server and has distributed a link to this page through his social media accounts along with written and video instructions on how to download and use it to infect a computer.

He confessed to his actions. The man has spread links to video clips among Ukrainian companies as a way to getting a tax reporting delay from Ukrainian tax authorities.

The Ukrainian newspaper "Strana" has identified the person as Sergey Neverev. He is an IT specialist and his NotPetya installation tutorials are still available on YouTube.




Neverev has been accused of spreading links to the ransomware and charged with "unauthorized interference with the operation of computing systems." If convicted, he may be sentenced to three years in prison. In previous official statements, the Ukrainian authorities accused Russian secret services of having participated in the global NotPetya infection.

Ukraine gave NotPetya victims a tax reporting delay

This ransomware infected mostly Ukrainian companies using M.E.Doc accounting software, most of which failed to recover their files.

For this reason, the Ukrainian state tax service allowed the companies affected by NotPetya to extend the tax reporting deadline for various operations to December 31, 2017.

According to Ukrainian cyber police, more than 400 users have downloaded the NotPetya version, distributed by the 51-year-old suspect.

Would you like to comment on this article?



Latest news


Hacker removed malware from Netgear site, the company failed to do so for 2 years

An anonymous hacker has removed malware from a Netgear site after the company failed to clean up a malware infection for more than two years.


Hacker robbed church in Northern Ireland

The hacker told the priest that the church computer should be remotely accessible to fix an internet problem.


Synaptics to remove keylogger from its drivers

The company has decided to remove the keylogger functionality from its products.

Sign up for our online newsletter!