Petya Update: Ukraine Claims To Have Seized Equipment Used By Russia In Cyberattack

The Security Service of Ukraine (SBU) reported Friday that it seized equipment belonging to agents of Russia that was used to carry out a number of cyberattacks against Ukraine and other countries, Reuters reported.

The agency claimed the equipment was used in part to carry out attacks in May and June, and may have been involved in an attack earlier this week that resulted in the spread of malware to computer systems in at least 65 countries.

Read: What Is Petya? Ransomware Attack Hits Computer Systems Across The Globe

"Law enforcement officers seized server equipment that was involved in the cyber attack system by Russian secret services," the SBU said in a statement released Friday. The agency added that investigations into the equipment and recent attacks were ongoing.

It is not clear yet if the equipment played any part in the spread of Petya, a cyberattack that was initially believed to be a WannaCry-style ransomware attack but has since been discovered to be a “wiper” designed to delete files and destroy computer systems.

Petya —or NotPetya, as security researchers have called it to differentiate the new attack from the existing Petya malware that the malicious software appears to have been based on—began spreading on Tuesday, quickly moving from computer systems in Ukraine to tens of thousands of machines in 65 countries including Belgium, Brazil, Britain, Germany, Russia and the United States.

While there are still plenty of unknowns regarding Petya, security researchers have pinpointed what they believe to be the first target of the attack: M.E.Doc, a Ukrainian company that develops tax accounting software.

Read: Petya Ransomware Attack: Global Cyberattack May Have Aimed To Destroy Files, Computer Systems

The initial attack took aim the software supply chain of the tax software MEDoc, which then spread through a system updater process that carried malicious code to thousands of machines, including those who do business in Ukraine.

Petya also has proved to be a rather destructive attack. While it was originally believed Petya was a form of ransomware, as it would present victims with a screen claiming their files had been encrypted and demanded a $300 fee to regain access, it has since been reported that the ransomware doesn’t actually restore access to the computer even when the ransom is paid.

Instead, the ransomware screen appears to be a front or smoke screen to cover for the malicious software’s true purpose, which is to wipe clean any machine that it infects. Because of the destructive nature of the attack, it has been theorized that Petya was actually designed to destroy computer infrastructure of governments and businesses.

While there doesn’t appear to be clear evidence yet to support attribution, Ukrainian officials have already begun assigning blame to Russia for the attack. The discovery of Russian equipment only bolsters those claims.

A spokesperson for the Russian government dismissed the claims and called them “unfounded blanket accusations.

While it’s possible Russia had no involvement in the attack, the sense of suspicion from Ukraine comes from a history of meddling made by the Kremlin. The Ukrainian government has previously attributed two cyber attacks against the country’s power grids to Russia, though officials in Moscow have denied such claims.