Ukrainian authorities have arrested a 51-year-old man from Nikopol, Dnipropetrovsk region, on accusations of distributing a version of the NotPetya ransomware.
Police arrested the man on Saturday, August 5, and according to statements from Ukraine's Cyber Police and Ministry of Internal Affairs, the man is not accused of causing the NotPetya outbreak from late June, but for events after the initial attack.
Suspect is not the NotPetya author
Authorities say the man published a version of the Petya.A ransomware — one of the technical terms used by Ukrainian police to describe the NotPetya ransomware strain, together with Diskcoder.C.
The suspect uploaded a copy of the NotPetya executable on a file-sharing server and spread a link to that page via his social media accounts, along with written and video instructions on how to download and use it to infect a computer. Police say the man confessed to his actions.
According to a former M.E.Doc software developer who saw the instructions and spoke with Bleeping Computer, links to the man's videos were shared among Ukrainian companies as a way to getting a tax reporting delay from Ukrainian tax authorities.
Ukrainian newspaper Strana identified the man as Sergey Neverov. He is described as an IT nerd and his NotPetya installation tutorials are still available on YouTube [1, 2]. From posts and comments seen by this reporter, the man never advertised his videos as a way to obtain a tax reporting delay or other way to avoid paying taxes.
Nonetheless, he was accused of spreading links to the ransomware and charged with "unauthorized interference with the operation of computing systems." If found guilty, the man could face a prison sentence of up to three years. In previous official statements, Ukrainian authorities accused the Russian secret service of its involvement in the NotPetya outbreak.