The Juscutum Attorneys Association, a Ukrainian law firm, is rallying NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software, the point of origin of the NotPetya ransomware outbreak.
The lawsuit is in its incipient stages. Juscutum representatives are currently spreading their message and encouraging victims to join the lawsuit via social media posts and articles in local Ukrainian press.
The NotPetya ransomware spread via a trojanized M.E.Doc update, according to Microsoft, Bitdefender, Kaspersky, Cisco, ESET, and Ukrainian Cyber Police.
A subsequent investigation by ESET researcher Anton Cherepanov discovered that a known cyber-espionage group — named TeleBots — had compromised the servers of Intellect-Service three times in the past months and used the same M.E.Doc update mechanism to deliver three different ransomware families: XData, an obscure WannaCry clone, and NotPetya — with the last one causing the most damage.
Cherepanov's investigation revealed that Intellect-Service had grossly mismanaged the hacked servers, on which the company had failed to install updates since 2013.
Days later, Ukrainian police seized the hacked Intellect-Service servers as part of an investigation into the attacks. Authorities did not arrest any staff, but said they were considering filing charges in the future.
Juscutum's legal endeavor comes on the civil front, akin to a class-action lawsuit.
"Juscutum offers legal retribution," the company wrote in a social media post [translated from Ukrainian]. "You have the opportunity to join a collective lawsuit against MEDoc."
FedEx said damage from NotPetya was permanent and that it might have lost some user shipping details for good. Similarly, US pharma giant Merck said last week that production of active ingredients used for key drugs is still down because of the NotPetya attack.
Juscutum says that on Tuesday, Ukrainian Cyber Police confirmed in an official document that M.E.Doc servers were backdoored on three different occasions.
The company is now using this document as the primary driving force behind its legal action. Juscutum says that victims must pay all court fees, must provide evidence or help with the collection of evidence, and agree to a 30% cut in the case of any awarded damages.
A Juscutum spokesperson did not answer Bleeping Computer's request for comment in time for this article's publication.