The Symantec Response team did further analysis on the attack and released a list of the top 20 countries impacted by Petya. Ukraine, the US, Russia, France and the UK were the most impacted (see graph below).
Similar to WannaCry, Petya uses the Eternal Blue exploit as one of the means to propagate itself. However, it also uses classic SMB network spreading techniques, meaning that it can spread within organizations even if they’ve patched against Eternal Blue. Symantec has confirmed that MEDoc, a tax and accounting software package, is used for the initial insertion of Petya into corporate networks. MEDoc is widely used in Ukraine, indicating that organizations in that country were the primary target. After gaining an initial foothold, Petya then uses a variety of methods to spread across corporate networks.
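Because spread continues over ordinary SMB on hosts patched against Eternal Blue, detection has to key on behaviour rather than on the exploit. The following is an added example, not part of Symantec's write-up: it flags internal hosts that open SMB (445/tcp) connections to many distinct internal peers within a short window. The log format, the `smb_fanout` name, the 60-second window and the threshold of 5 are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample flow records (time, source, destination, dest port); not real telemetry.
SAMPLE_FLOWS = """\
2017-06-27T10:00:00 10.0.0.5 10.0.0.10 445
2017-06-27T10:00:02 10.0.0.5 10.0.0.11 445
2017-06-27T10:00:03 10.0.0.7 10.0.0.20 445
2017-06-27T10:00:04 10.0.0.5 10.0.0.12 445
2017-06-27T10:00:05 10.0.0.7 10.0.0.20 445
2017-06-27T10:00:06 10.0.0.5 10.0.0.13 445
2017-06-27T10:00:07 10.0.0.8 10.0.0.30 443
2017-06-27T10:00:08 10.0.0.5 10.0.0.14 445
2017-06-27T10:00:09 10.0.0.7 10.0.0.20 445
2017-06-27T10:00:10 10.0.0.5 10.0.0.15 445
2017-06-27T10:05:00 10.0.0.9 10.0.0.40 445
2017-06-27T10:10:00 10.0.0.9 10.0.0.41 445
""".splitlines()


def smb_fanout(lines, window=timedelta(seconds=60), threshold=5):
    """Map each source to its peak count of distinct internal SMB peers within
    `window`, for sources that reach `threshold`. Lines must be time-ordered."""
    recent = defaultdict(deque)   # source -> (time, destination) pairs inside the window
    flagged = {}
    for line in lines:
        try:
            ts, src, dst, port = line.split()
            when = datetime.fromisoformat(ts)
            internal = ip_address(dst).is_private
        except ValueError:
            continue              # skip malformed records rather than abort the scan
        if port != "445" or not internal:
            continue              # only internal SMB traffic is relevant here
        seen = recent[src]
        seen.append((when, dst))
        while when - seen[0][0] > window:
            seen.popleft()        # expire connections older than the window
        peers = len({d for _, d in seen})   # repeat visits to one server count once
        if peers >= threshold:
            flagged[src] = max(flagged.get(src, 0), peers)
    return flagged


if __name__ == "__main__":
    print(smb_fanout(SAMPLE_FLOWS))
```

In the sample, only 10.0.0.5 is flagged: the client that repeatedly talks to one file server and the host whose two SMB connections are minutes apart stay below the threshold.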