You Petya Ass We Have Some Details

It looks as though Petya might have been a wolf in wolf’s clothing, which brings an interesting new wrinkle to the surface in all of this ransomware nonsense that we are dealing with. Petya, NotPetya, NewPetya, whatever you may want to call it, looks as though its primary goal may not have been to actually be ransomware at all, but rather to be a tool directed at specific entities in order to destroy data residing on those systems. Ransomware may have just been a cover for something more nefarious, which security experts are currently looking into. It looks as though the worst is behind us at this time. If you have patched with Microsoft Security Bulletin MS17-010 – Critical and have Windows Defender up to date with current definitions, you should be “safe” from Petya and its variants.



The point of entry for Petya appears to be corrupted Ukrainian accounting software and a Ukrainian government website hacked to be a watering hole. Petya was likely updated WannaCry code.

The killswitch referred to earlier has been tested extensively and does in fact work. It seems that WannaCry greatly hampered Petya’s ability to infect systems globally, due to the extensive attention that WannaCry got. And this again brings into question the exact motive behind Petya.

Source: [H]ardOCP – You Petya Ass We Have Some Details