Ukranian company that spread Petya could face criminal charges for vulnerability

Last week’s globe-spanning ransomware outbreak may have started with a remarkably simple attack. This morning, independent security analyst Jonathan Nichols discovered an alarming vulnerability in the update servers for Ukrainian software company MeDoc, one of the companies at the center of the attack.

Researchers believe that many of the initial Petya infections were the result of a poisoned update from MeDoc, which sent out malware disguised as a software update. But according to Nichols’ research, sending out that poisoned update may have been a relatively simple task, thanks to underlying weaknesses in the company’s security.