As per another investigation, the infection was intended to look like ransomware yet was wiper malware that wipes PCs inside and out, annihilating all records from the frameworks.
Working Of Petya Attack.
Petya is a terrible bit of malware that, not at all like other conventional ransomware, does not encode Files on framework one by one.
Rather, Petya reboots casualties PCs and scrambles the hard drive's Master File Table (MFT) and renders the Master boot record (MBR) inoperable, confining access to the full framework by seizing data about document names, sizes, and area on the physical circle.
At that point Petya ransomware takes a scrambled duplicate of MBR and replaces it with its own particular malicious code that shows a payment note, leaving PCs not able to boot.
However, this new variation of Petya does not keep a duplicate of supplanted MBR, intentionally, leaving tainted PCs unbootable regardless of the possibility that casualties get the decoding keys.
Likewise, in the wake of Infecting one machine, the Petya ransomware filters the nearby system and rapidly infects every single other machine (even completely fixed) on a similar system, using EternalBlue exploit
Should you pay them?
Up until this point, about 45 casualties have effectively paid aggregate $10,000 in Bitcoins in plan to recover their Data, however shockingly, they would not ever be able to recover their data.
This is on the grounds that the email address, which was being set-up by the Hackers to speak with Victims and send Decryption keys, was suspended by the German supplier not long after this attack went online.
Regardless of the possibility that casualties do pay the payoff, they will never recoup their records. Kaspersky Developers additionally said same.