NotPetya virus
The NotPetya virus superficially resembles Petya in several ways: it encrypts the master file table and flashes up a screen requesting a Bitcoin ransom to restore access to the files. But there are a number of important ways in which it's different, and much more dangerous:
NotPetya spreads on its own. The original Petya required the victim to download it from a spam email, launch it, and give it admin permissions. NotPetya exploits several different methods to spread without human intervention. The original infection vector appears to be via a backdoor planted in M.E.Doc, an accounting software package that's used by almost every company Ukraine. Having infected computers from Medoc’s servers,
NotPetya used a variety of techniques to spread to other computers, including EternalBlue and EternalRomance, two exploits developed by the United States NSA to take advantage a flaw in the Windows implementation of the SMB protocol. It can also take advantage of a tool called Mimi Katz to find network administration credentials in the infected machine's memory, and then use the PsExec and WMIC tools built into Windows to remotely access other computers on the local network and infect them as well.
NotPetya encrypts everything. The NotPetya malware goes far beyond the original Petya trick of encrypting the master boot record, going after a number of other files to seriously screw up your hard drive.
NotPetya isn't ransomware. This is in fact the most shocking — and important — thing about NotPetya. It looks like ransomware, complete with a screen informing the victim that they can decrypt their files if they send Bitcoin to a specified wallet. For Petya, this screen includes an identifying that they're supposed to send along with the ransom; the attackers use this code to figure out which victim just paid up. But on computers infected with NotPetya, this number is just randomly generated and would be of no help in identifying anything. And it turns out that in the process of encrypting the data, NotPetya damages it beyond repair.
So what's NotPetya's real purpose? The fact that it saw an abrupt and radical improvement in efficiency over its Petya ancestor implies a creator with a lot of resources — a state intelligence or cyberwarfare agency, say. That, combined with the 2017 attack's focus on the Ukraine, caused many to point their finger at Russia, with whom Ukraine has been involved in a low-level conflict since the occupation of Crimea in 2014. This accusation was taken up by the Ukrainian government itself, and many Western sources agree, including the U.S. and U.K.; Russia has denied involvement, pointing out that NotPetya infected many Russian computers as well.