Symantec has confirmed the initial infection vector has been associated to MEdoc, a tax and accounting software package widely used in Ukraine. After gaining an initial foothold, it then leverages a variety of network sharing techniques to spread the infection, in addition to exploiting the SMB protocol Eternal Blue. At the time of this posting, there has been no confirmed evidence of this attack being delivered by email communication.

Full detection coverage is in place and across the email scanning infrastructure. Symantec’s AV engine detects the Petya ransomware as Ransom.Petya. Skeptic coverage as Trojan.gen.

For additional insight into this variant and infection points please see for the latest information:


A new variant of the Petya ransomware campaign has been reportedly making its way around Europe. Symantec is aware of this ransomware campaign. There has been no indication of the attack being seen in email communications at the time of this posting. The Petya components are being detected as Ransom.Petya. Whilst we continue to investigate this attack, Skeptic detection is in place for the samples verified to be a part of the Petya Ransomware.

For more information on the Petya Ransomware Outbreak please see the Blog article below:

Began at:

Affected components