M.E. Doc, a Ukrainian tax software company, will face charges over its vulnerable network infrastructure, which was at the center of the ExPetr ransomware outbreak last month. After being warned by private security firms, M.E. Doc failed to secure its own infrastructure. As a result of this negligence, thousands of computers were compromised and M.E. Doc is now facing criminal charges. The hackers were able to upload their malware into M.E. Doc’s vulnerable network, and from there the outbreak penetrated victims’ networks by posing as a system or software update to M.E. Doc’s product. Once opened, the malicious update was disseminated across the country. M.E. Doc employees had reportedly blown off warnings about the security of their systems and, because of this, spread the ExPetr ransomware to thousands of computers, including government software. The attack left devices crippled from the U.K. to the United States, even hitting major companies such as FedEx, Cadbury, and Merck. Col. Serhiy Demydiuk, head of Ukraine’s national Cyberpolice unit, spoke with AP News about the incident and will be pursuing criminal charges against M.E. Doc for its part in the spread of the ransomware.
“They knew about it,” he told the AP at his office. “They were told many times by various anti-virus firms. … For this neglect, the people in this case will face criminal responsibility.”
M.E. Doc is fully cooperating with authorities and is working with Cisco specialists from Europe and America to get its networks back online. After the attack, researchers fully analyzed M.E. Doc’s infrastructure and were shocked at what they found. M.E. Doc’s central update servers were running outdated FTP software with an outstanding vulnerability that is easily exploited by public hacking software. The presence of this outdated software has left security specialists baffled as to why nothing was done prior to the attack, even after M.E. Doc had been warned by private security firms. The extent of the damage is still unknown, as many companies are still recovering from the attack.
The security of your company’s infrastructure cannot be stressed enough. In the case of M.E. Doc, it was not just their network that was compromised by their poor security practices, but thousands of others. GraVoc offers information security services including Risk Management, IT Assurance, and IT Audits to help prevent information technology attacks BEFORE they happen. Feel free to reach out to a certified information security specialist to analyze the vulnerabilities and threats surrounding your business.