The NotPetya ransomware attack has caused damages on a global scale. No country was more affected than Ukraine, which is home to many ransomware types discovered throughout 2017. Local police officials have arrested a 51-year old man on suspicion of spreading the ransomware known as NotPetya. Although the arrest took place nearly a week ago, the news has only now been made official. It will be interesting to see what kind of evidence the police have against this man.

Sergey Neverov Arrested in Ukraine

NotPetya has become one of the more famous ransomewares of 2017. There have been many different ransomware outbreaks over the past few months, some of which have proven to be more destructive than ever before. NotPetya has mainly targeted consumers and businesses in Ukraine and caused a lot of damage in the process. It now appears this malware was distributed in an effort to evade taxes.

The arrest of a 51-year-old man residing in Nikopol has caused another wave of speculation regarding the NotPetya ransomware. According to police officials, this person successfully distributed a Petya ransomware variant known as NotPetya. This version of the malware was uploaded to a file-sharing server and a download link was distributed through social media channels. It is unclear which platforms were used, but the widespread damage NotPetya has caused speaks for itself.

We now know NotPetya to be one of three ransomware strains successfully distributed through M.E.Doc download servers. The company responsible for developing the program and maintaining its servers is currently in the process of dealing with a civil lawsuit. It appears this 51-year old man created videos involving NotPetya ransomware which were distributed to various local businesses. The video promised business owners they would receive a tax reporting delay from Ukrainian tax authorities by downloading the updated software.

According to local newspaper Strana, the identity of the arrested individual is Sergey Neverov. That is not a notorious name across law enforcement agencies. Neverov is portrayed as an IT enthusiast who somehow got involved with distributing NotPetya. Most of his instructional videos can still be found on YouTube, which does indicate that he had an elaborate plan in place to make a lot of money from this project. None of those videos mention how the software could be used for tax evasion or reporting delays.

What is rather interesting is how the NotPetya ransomware outbreak eventually did indeed result in a tax reporting delay for Ukrainian businesses. Considering that dozens of companies were affected by this malicious M.E.Doc update file, it made sense to let them get things in order first and foremost. Companies struggled to recover key files related to tax reporting, which more than warranted the delay initially. Affected companies still have until December 31 of 2017 to finish their tax reporting duties for the fiscal year.

However, Ukrainian police are concerned about a growing list of companies that have used NotPetya as an excuse to delay tax filings, despite not having been affected by the malware. Companies otherwise struggling to stay afloat could utilize the loophole in order to obfuscate their financial status. For the time being, it remains unclear what will happen to Neverov, who may face a prison sentence of up to three years for his crimes. It is also believed the Russian secret service is involved in NotPetya as well.