There’s already mounting evidence that Petya’s focus on Ukraine was deliberate. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky.
https://it.slashdot.org/story/17/06/28/2045256/the-petya-ransomware-is-starting-to-look-like-a-cyberattack-in-disguise
origin - http://www.pipiscrew.com/2017/06/the-petya-ransomware-is-starting-to-look-like-a-cyberattack-in-disguise/ the-petya-ransomware-is-starting-to-look-like-a-cyberattack-in-disguise