Petya Ransomware IOCs

1. Petya Ransomware Campaign
2.  
3. Email address associated with infections:
4.  
5. [email protected]
6. Bitcoin address:
7.  
8. 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
9. Targeted file extensions:
10.  
11. .3ds.7z.accdb.ai.asp.aspx.avhd.back.bak.c.cfg.conf.cpp.cs.ctl.dbf.disk.djvu.doc.docx.dwg.eml.fdb.gz.h.hdd.kdbx.mail.mdb.msg.nrg.ora.ost.ova.ovf.pdf.php.pmf.ppt.pptx.pst.pvi.py.pyc.rar.rtf.sln.sql.tar.vbox.vbs.vcb.vdi.vfd.vmc.vmdk.vmsd.vmx.vsdx.vsv.work.xls.xlsx.xvd.zip.
12. Ransom note name:
13.  
14. README.TXT
15. Ransom note text:
16.  
17. Send your Bitcoin wallet ID and personal installation key to e-mail
18. 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
19. Ooops, your important files are encrypted.
20. If you see this text, then your files are no longer accessible, because
21. they have been encrypted. Perhaps you are busy looking for a way to recover
22. your files, but don't waste your time. Nobody can recover your files without
23. our decryption service.
24. We guarantee that you can recover all your files safely and easily.
25. All you need to do is submit the payment and purchase the decryption key.
26. Please follow the instructions:
27. Send $300 worth of Bitcoin to following address:
28. Does not encrypt files in this folder:
29.  
30. C:\Windows;