Several factors point to Petya being a sabotage tool masquerading as ransomware.
Local security researcher Nick FitzGerald, the former editor of Virus Bulletin who now works for Slovak anti-malware vendor ESET, noted that the malware spread by piggybacking on an update pushed out by Ukrainian tax accounting software provider ME Doc. Its software is used by companies dealing with the government in the European country, which is currently trying to fight off Russian-backed military incursions in its eastern provinces.
It was also distributed as a drive-by download from a Ukrainian news site, he said.
The malware was designed to spread itself only through company networks and not the internet, suggesting its use was to be limited to companies like ME Doc clients. That particular trick didn't work because the European arms of the global companies appear to have used virtual private networks that spread the infection inadvertently.
Other researchers found that despite the screen demanding the ransom, the malware made no attempt at saving the data it scrambled on computer hard drives so that it could later be decrypted.
Instead, the malware simply overwrites the disk and generates a random, useless string of data which the ransom notice says should be used with the decryption key. Add to that the fact that the malware writers asked victims to send the ransom in Bitcoin via an email address that was taken down almost immediately, a very feeble communication method that quite simply wasn't going to work.
Even if victims paid the ransom, the files on their computers would be gone forever. From the above it's clear that the ransomware guise was just a smokescreen.
This week's attacks weren't the first of their kind either. Ukraine has been hit before by destructive malware that tried to disrupt the country's power grid and financial institutions.
During the WannaCry ransomware attacks in May this year, ESET found another piece of malware which it calls Xdata and AES-NI, which seems very similar to the current Petya/GoldenEye.
As with its later cousin, Xdata/AES-NI was spread via ME Doc updates in Ukraine. Xdata used a combination of exploits leaked from the US National Security Agency, along with legitimate Windows tools, to break into even patched and updated computers, just like Petya/GoldenEye does.
While Xdata was ransomware (there is now a decryptor for it, and the email addresses used by the criminal for payments are blocked), the similarities between it and this week's malware make it seem like a trial run for the current attacks in Ukraine.
Petya/NotPetya/GoldenEye, however, was deployed to destroy, nothing else.
That's scary enough, but when you consider the collateral damage the malware caused around the world, you realise how a "cyber war" can and will hit all of us.
We're all interconnected and the internet doesn't care about geographical boundaries. Unlike with conventional weapons, when nation-state actors release destructive code over computer networks, the damage is guaranteed to spread far and wide.
It's a dangerous situation because so much critical infrastructure depends on IT, along with our healthcare and transportation systems - and our economy and government.
Countries setting up cyber armies to hack back at enemies is the wrong response, and will only make the problem worse.
Governments around the world need to urgently work together to stop this kind of idiotic, irresponsible, asymmetric, out of control warfare which will otherwise some time soon cause devastating and lasting hurt.