Today saw a massive outbreak of not-really ransomware that has caused significant damage to both Ukrainian targets and strategic global logistics companies. The worm uses three different infection vectors:

- ETERNALBLUE
- Harvested password hashes
- psexec

The code is well written and obfuscated to evade AV detection using at least two techniques:

- Fake Microsoft signature (apparently fools some AV)
- XOR encrypted shellcode payload (to bypass signature checks)

Although the worm is camouflaged to look like the infamous Petya ransomware, it has an extremely poor payment pipeline. There is a single hardcoded BTC wallet, and the instructions require sending an email containing a large number of complex strings (something that a novice computer victim is unlikely to get right).