The Petya pandemic continues, and its story has grown more complex. It has picked up at least two new names, ExPetr (from Kaspersky) and Nyetya (from Cisco). We'll stick with "Petya" for now, but researchers think that, while the current outbreak reuses code strings from Petya, it differs enough to warrant a new name.
Specifically, it now appears to most that it's not ransomware at all, but rather a wiper masquerading as cryptoransomware. Those few who've paid the ransom seem not to have recovered their files, and indeed there may be no way for them to do so.
These features lead many to conclude that Petya's current instantiation is an act of cyber warfare, not cybercrime. Most observers think it originated with Russia (as Bleeping Computer puts it, "the obligatory part where we blame Russia"). While the evidence is circumstantial, it's more than reflexive. NATO has announced plans to step up cyber defense cooperation with Ukraine.
Microsoft says a malicious update to tax accounting software MEDoc was the initial vector. Since then, researchers at Kaspersky have also found a watering hole attack in a website belonging to the Ukrainian city of Bakhmut.
Yesterday two sources of leaks resurfaced. WikiLeaks offers a manual for "ELSA" from Vault7. They claim ELSA is a CIA tool for tracking users of Wi-Fi-enabled devices using Extended Service Set data from nearby Wi-Fi networks. And the ShadowBrokers, flacking their exploit-of-the-month club, promise they're about to name and shame an Equation Group operator who's tweeted rudely about them.