NotPetya

The Juscutum Attorneys Association, a Ukrainian law firm, is rallying NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software, the point of origin of the NotPetya ransomware outbreak.

The lawsuit is in its incipient stages. Juscutum representatives are currently spreading their message and encouraging victims to join the lawsuit via social media posts and articles in local Ukrainian press.

NotPetya spread via backdoored M.E.Doc update server

The NotPetya ransomware spread via a trojanized M.E.Doc update, according to Microsoft, Bitdefender, Kaspersky, Cisco, ESET, and Ukrainian Cyber Police.

A subsequent investigation by ESET researcher Anton Cherepanov discovered that a known cyber-espionage group — named TeleBots — had compromised the servers of Intellect-Service three times in the past months and used the same M.E.Doc update mechanism to deliver three different ransomware families: XData, an obscure WannaCry clone, and NotPetya — with the last one causing the most damage.

Cherepanov's investigation revealed that Intellect-Service had grossly mismanaged the hacked servers, on which the company had failed to install updates since 2013.

Days later, Ukrainian police seized the hacked Intellect-Service servers as part of an investigation into the attacks. Authorities did not arrest any staff, but said they were considering filing charges in the future.

Ukrainian law firm wants to start class-action lawsuit

Juscutum's legal endeavor comes on the civil front, akin to a class-action lawsuit.

"Juscutum offers legal retribution," the company wrote in a social media post [translated from Ukrainian]. "You have the opportunity to join a collective lawsuit against MEDoc."

Because the NotPetya ransomware contained buggy code (some called it a wiper disguised as ransomware), many victims couldn't recover all the encrypted data.

FedEx said damage from NotPetya was permanent and that it might have lost some user shipping details for good. Similarly, US pharma giant Merck said last week that production of active ingredients used for key drugs is still down because of the NotPetya attack.

Juscutum lawsuit aided by official documents

Juscutum says that on Tuesday, Ukrainian Cyber Police confirmed in an official document that M.E.Doc servers were backdoored on three different occasions.

Ukrainian Cyber Police statement

The company is now using this document as the primary driving force behind its legal action. Juscutum says that victims must pay all court fees, must provide evidence or help with the collection of evidence, and agree to a 30% cut in the case of any awarded damages.

A Juscutum spokesperson did not answer Bleeping Computer's request for comment in due time for this article's publication.