Today's news is dominated by what we'll call, for convenience's sake, the Petya pandemic. The ransomware infestation began in Ukraine, which remains the country hit most severely, and it has since spread rapidly around the world.
Petya is a familiar strain of ransomware that security companies have been tracking at least since March of 2016. It had hitherto appeared mainly in targeted attacks. This time its spread has been fast and indiscriminate. Petya's code has been updated with worm functionality and the EternalBlue exploit the ShadowBrokers released on April 14, 2017. The ShadowBrokers claimed that EternalBlue was obtained from NSA (many, including Microsoft, agreed); their dump prompted widespread concern over zero-day inventories and the US Intelligence Community's Vulnerability Equities Process. EternalBlue was also used in last month's WannaCry outbreak.
The current Petya infestation spreads as rapidly and indiscriminately as WannaCry did, but it's regarded as better-crafted code. It doesn't exhibit WannaCry's botched Bitcoin wallets, and its attack on the master boot record renders it more dangerous.
WannaCry has been widely associated with North Korea's Lazarus Group, but speculation about this instance of Petya focuses on Russia. Ukraine, the original and principal victim, thinks the ransomware is Russia's work. And as with WannaCry, the return on the hackers' investment has been trivial in comparison with the scope of the attack: less than $10,000, according to recent reports.
Early reports said that this time Petya spread by phishing with malicious Word files, but that now seems incorrect. Tanium says the initial vector was a Ukrainian software update.