Ukraine, hardest hit by this week's “NotPetya” ransomware/havoc-ware, has called for help from Europol, the FBI, and England's National Crime Agency to investigate who was behind it.
SBU, the country's security service, announced the international co-operation to try and localise and find the offenders.
As well as the three international agencies, the agency says other “leading cyber security institutions” will be involved in the hunt.
The agency is ominously unequivocal about PetyaA, calling it an “act of cyberterrorism”, and says the investigation is to establish the attack sources, and identify its “executors, organisers and paymasters”.
Within Ukraine, the attack became widespread, partly because one distribution channel, a bogus Me.Doc software update, is one of two accounting packages the country's tax office accepts.
Beyond Ukraine, it's widely assumed infection hit companies who have Ukraine operations, but that doesn't completely hold up.
As F-Secure writes in its ongoing investigation, “We know of victims who don’t use M.E.Doc and have no obvious connections to Ukraine. Yet they were infected during Tuesday’s outbreak. This mystery is one of the factors that have kept us from jumping on the conspiracy train. And we still don’t have answers here.”
F-Secure is greatly reluctant to label NotPetya as “state sponsored”, but is “less and less” sceptical of that hypothesis.
Which is about as far as any sensible commentator would be prepared to go. ®