A Ukrainian law firm plans to launch a class-action lawsuit against the accounting software firm whose update mechanism was exploited to spread the NotPetya malware in June.
The law firm, called Juscutum Attorneys Association, is encouraging victims of the malware - who are overwhelmingly, but not exclusively, based in Ukraine, to join the lawsuit against the software company responsible, Intellect Service.
The company has been drumming up interest in Ukraine, according to Bleeping Computer, with offers of "legal retribution", according to a direct translation of one of its social media posts.
The NotPetya malware broke out in June after the software-updating mechanism of Intellect Service's ME Doc accounting software was hacked to send out a Trojanised update.
While most of the company's clients are Ukrainian - the software is used by as much as 80 per cent of organisations in Ukraine - a number of international companies with operations in Ukraine were also directly affected.
The self-propagating nature of the malware, which incorporated exploits leaked from the US National Security Agency, in many cases enabled it to spread across corporate networks.
These include fast-moving consumer goods maker Reckitt Benckiser, confectionary firm Cadbury's, shipping company Maersk, pharmaceutical giant Merck, and perhaps most devastating of all, Dutch delivery company TNT Express, which was still running on manual processes more than a month after the outbreak and has admitted that some business data may be permanently lost as a result.
The servers of the software company were seized by Ukrainian cyber police at the beginning of July.
The law firm claims that Ukrainian Cyber Police documents indicate that ME Doc servers were backdoored on at least three separate occasions. It is using this as the basis for launching its legal claim.
According to Bleeping Computer, the action won't be based on a no-win, no-fee basis but, instead, victims will not only have to pay all court fees and help collate evidence, but must also hand over 30 per cent of any damages awarded.
However, there is a risk that Intellect Service could go out of business under the weight of the various legal claims, leaving victims - particularly individuals and small businesses in Ukraine affected by the malware outbreak, with nothing but legal bills.
Computing's DevOps Summit returns on 19 September. Attendance is free to qualifying IT leaders and other senior IT professionals, but places will go fast, so secure yours now.
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all