Petya Ransomware Fast Spreading Attack
released on 2017-06-27 @ 01:32:43 PM
This is worm-like ransomware based on Petya.
-- The malware was deployed via the software update mechanism in a piece of Ukrainian accounting software on the morning of Tuesday 27th June 2017.
-- The malware encrypts files and the boot record of hard disks, leaving behind a ransomware note.
-- It spreads within networks through PsExec and WMIC commands, using credentials stolen by a tool similar to Mimikatz.
-- It also attempts to spread using the EternalBlue and EternalRomance SMBv1 exploits.
-- It also clears event logs and the file system journals.
-- In this case paying the attackers will not help get any files back.
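For defenders triaging hosts, the sketch below flags process-creation records that match the PsExec/WMIC spreading and the log and journal clearing listed above, and ranks hosts that show both. It is an added example, not part of the original advisory: the regex patterns are generic Windows command-line indicators chosen as assumptions, and the log format, host names and sample records are constructed.

```python
import re
from collections import defaultdict

# Generic command-line indicators for the behaviours listed above.
# Assumption: patterns were chosen for this example, not taken from the advisory.
RULES = {
    "psexec_remote_exec": re.compile(r"\bpsexe(c|svc)(\.exe)?\b", re.I),
    "wmic_remote_process": re.compile(r"\bwmic(\.exe)?\b.*?/node:\S+.*?\bprocess\s+call\s+create\b", re.I),
    "event_log_cleared": re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b", re.I),
    "usn_journal_deleted": re.compile(r"\bfsutil(\.exe)?\s+usn\s+deletejournal\b", re.I),
}
LATERAL = {"psexec_remote_exec", "wmic_remote_process"}
ANTI_FORENSIC = {"event_log_cleared", "usn_journal_deleted"}

# Constructed process-creation records: "timestamp host user command-line".
SAMPLE_LOG = r"""2017-06-27T10:41:02Z WS-014 CORP\alice notepad.exe report.txt
2017-06-27T10:43:17Z WS-014 SYSTEM wmic.exe /node:"10.0.0.23" process call create "cmd.exe /c placeholder"
2017-06-27T10:43:40Z WS-014 SYSTEM cmd.exe /c wevtutil cl Security & fsutil usn deletejournal /D C:
2017-06-27T10:44:05Z WS-022 CORP\bob PsExec.exe \\FS-01 -s cmd.exe
2017-06-27T10:50:11Z FS-01 CORP\admin wevtutil.exe el
"""

def scan(log_text):
    """Return {host: set of rule names} for every record matching a rule."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue  # skip blank or truncated records
        _ts, host, _user, cmdline = parts
        for name, pattern in RULES.items():
            if pattern.search(cmdline):
                hits[host].add(name)
    return dict(hits)

def high_priority(hits):
    """Hosts showing both remote execution and log or journal tampering."""
    return sorted(h for h, r in hits.items() if r & LATERAL and r & ANTI_FORENSIC)

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for host, rules in sorted(found.items()):
        print(host, sorted(rules))
    print("isolate first:", high_priority(found))
```

PsExec and WMIC are also used by administrators, so a single lateral-movement hit is a lead to review; the combination with log or journal clearing on the same host is the stronger signal.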
Example note:
Please follow the instructions:
1. Send $300 worth of Bitcoin to following address: 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
2. Send your Bitcoin wallet ID and personal installation key to e-mail wowsmith123456@posteo.net.