NotPetya – What you have to know

At first, the new malware outbreak was seen to share a significant number of attributes with the Petya ransomware from a year ago, as it rewrites the master boot record of the PC with a ransom note claiming that the disk has been encrypted and giving instructions on how to pay the ransom to recover files. Early on, differences in NotPetya were noted, for example, using a single email address as a point of contact instead of using the Tor network to facilitate.

A typical NotPetya infection begins its life as an RTF file with a .doc extension attached to an email, although in a few cases it has also been reported to have spread through a bug in M.E.Doc tax accounting software. In the RTF attack vector, using a .doc file extension helps ensure that Microsoft Word is used to open the RTF file rather than WordPad, which is commonly the default application used to open RTF files on Windows. This leverages Windows' use of file extensions rather than detecting file types to determine what program opens a particular file.
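Because the handler is chosen from the extension alone, a mail gateway or triage script can catch this trick by comparing the extension with the file's leading bytes. The sketch below is an added example, not code from the original article; the function names and the sample attachments are constructed for illustration.

```python
import os

# Leading-byte signatures for the container formats involved.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy binary Word .doc
RTF_PREFIX = b"{\\rt"                            # deliberately loose prefix of "{\rtf"
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.docx) is a ZIP archive

# What each extension should contain if the name is honest.
EXPECTED_BY_EXT = {".doc": "ole2", ".docx": "zip", ".rtf": "rtf"}


def sniff(data: bytes) -> str:
    """Classify content by its first bytes, ignoring leading whitespace."""
    head = data.lstrip(b" \t\r\n")[:8]
    if head.startswith(OLE2_MAGIC):
        return "ole2"
    if head.startswith(RTF_PREFIX):
        return "rtf"
    if head.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def check_attachment(filename: str, data: bytes):
    """Return (expected_type, actual_type, mismatch) for one attachment."""
    ext = os.path.splitext(filename.lower())[1]
    expected = EXPECTED_BY_EXT.get(ext)
    actual = sniff(data)
    mismatch = expected is not None and actual != expected
    return expected, actual, mismatch


def flagged(samples: dict) -> list:
    """Names of attachments whose extension disagrees with their content."""
    return sorted(n for n, d in samples.items() if check_attachment(n, d)[2])


# Constructed sample attachments (not real files from any incident).
SAMPLES = {
    "invoice.doc": b"{\\rtf1\\ansi constructed sample body}",  # RTF named .doc
    "report.doc": OLE2_MAGIC + b"\x00" * 24,                   # genuine OLE2 header
    "notes.rtf": b"{\\rtf1 constructed}",                      # honest RTF
    "minutes.docx": ZIP_MAGIC + b"\x14\x00",                   # honest OOXML
}

if __name__ == "__main__":
    for name in flagged(SAMPLES):
        print("extension/content mismatch:", name, check_attachment(name, SAMPLES[name]))
```

A mismatch is a triage signal rather than a verdict, since some legitimate tools also save RTF content under a .doc name.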
