Microsoft Windows OS platform.
European government, financial, utilities, transportation and energy sectors have been hit by a large-scale ransomware campaign. The malware is a new strain built from the previously discovered “Petya” ransomware and bolstered by the EternalBlue exploit. Russia and Ukraine have been heavily affected, but the attack has also spread significantly in the wild across Europe and Asia, in countries such as the UK, Germany, France, Italy, the Netherlands, Spain, Denmark, Poland and India, as well as the US. Petya ransomware is malicious software created to shut down computer systems, encrypt system files and demand a $300 ransom paid to a Bitcoin wallet. Victims are then required to send a unique identifier to the email address [firstname.lastname@example.org] to confirm the payment and get the decryption key.
This new strain borrows code from the “Petya” ransomware and leverages the well-known “EternalBlue” exploit targeting Windows SMBv1, a file-sharing service. This is the same exploit that the “WannaCry” ransomware used to spread in May 2017. Petya encrypts the MFT (Master File Table) of NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that shows a ransom note and prevents victims from booting their computer.
Researchers the world over raced to find a kill switch or loophole similar to the one found for WannaCry, and a researcher from Cybereason discovered a vaccine. It is simply to create a file called perfc in the C:\Windows folder and make it read-only. For further reading, refer to this article: https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/
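
One way to apply and verify the perfc vaccine described above on a machine, as an added example that is not part of the original article or the linked write-up. The function name `Set-PerfcVaccine` is hypothetical, and the script assumes an elevated PowerShell prompt with `%WINDIR%` pointing at the Windows folder.

```powershell
# Added example: create C:\Windows\perfc if missing, mark it read-only, report the result.
# Set-PerfcVaccine is a hypothetical name chosen for this illustration.
function Set-PerfcVaccine {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Windows directory; defaults to %WINDIR% (C:\Windows on a standard install)
        [string]$WindowsDir = $env:WINDIR
    )

    $path = Join-Path -Path $WindowsDir -ChildPath 'perfc'

    # A directory with this name is not the vaccine the article describes.
    if (Test-Path -LiteralPath $path -PathType Container) {
        throw "$path exists but is a directory, not a file."
    }

    # Idempotent: only create the file when it is absent.
    $created = $false
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        if ($PSCmdlet.ShouldProcess($path, 'Create empty vaccine file')) {
            New-Item -Path $path -ItemType File -ErrorAction Stop | Out-Null
            $created = $true
        }
    }

    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }   # -WhatIf run: nothing was created

    # The article requires the file to be read-only, so enforce it every run.
    if (-not $item.IsReadOnly) {
        if ($PSCmdlet.ShouldProcess($path, 'Set read-only attribute')) {
            $item.IsReadOnly = $true
        }
    }

    # Re-read attributes from disk and emit a record suitable for fleet reporting.
    $item.Refresh()
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $item.FullName
        Created  = $created
        ReadOnly = $item.IsReadOnly
    }
}

Set-PerfcVaccine
```

Running it with `-WhatIf` shows what would change without touching the file system.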