An unnamed 51-year-old from the southern city of Nikopol was detained by the state cyber-police last week after a raid was carried out at the alleged attacker's home, ZDNet reported.
In a brief statement, police say they seized computers that were used to spread the malware in the cyberattack.
The statement said that the person of interest told police he had uploaded the malware to a file-sharing account and shared a link on his blog with instructions on how to launch the malware.
The malware was downloaded about 400 times, police say.
Read alsoUkrainian postal service hit by 48-hour cyber-attack – BBCSeveral companies downloaded the malware intentionally to "conceal criminal activity" and to "evade payments" to the state, police say.
But it's not clear if police have declared the person of interest a formal suspect in the cyberattack that spread to more than 60 countries.
News of the outbreak began in late June when predominantly Ukrainian systems were hit by a new strain of ransomware – just a month after a similar cyberattack that leveraged leaked NSA hacking tools to spread the WannaCry ransomware.
What separated this attack from the previous incident was that the ransomware needed just one infection point of entry, and was then able to spread laterally across an entire network.
Thousands of companies were affected by the Petya outbreak, with several major companies taking weeks to regain control of their systems, and suffering quarterly financial hits.
A decryption tool was eventually released.