The new Petya-2017 variant is not ransomware: it scrambles the MFT and MBR, the “table of contents” for the hard drive. There is no way to recover from this destructive attack other than restoring from backups. Researchers believe this is done more for malicious purposes than for financial gain.

Like Petya, this attack overwrites the Master File Table and Master Boot Record on computers it infects. One organization reports that one unpatched machine was the culprit at its location, adding that it lost PCs due to a corrupted MBR, while other machines were showing the ransom note.

Researcher Matt Suiche of Comae Technologies said the malware is more wiper than ransomware. Suiche said this malware destroys the first 25 sector blocks of a hard disk, and the MBR section of the disk is purposely overwritten with a new boot loader. “The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money. Different intent. Different motive. Different narrative.”

Experts continue to stress the importance of applying the MS17-010 update to unpatched machines and advise disabling PSEXEC and WMIC on local networks.