Just in from Malwarebytes:
Don’t be a victim
UPDATE 6/29/2017 1045 PST: According to information uncovered within Malwarebytes Labs, we have determined that this ransomware variant is coded to erase a unique and randomly generated key that is used to encrypt the MFT (Master File Table). The destruction of the Salsa20 key makes it very unlikely that users can receive a working decryption key – even after paying the attackers ransom demands. For this reason, we warn any infected user who may be considering paying the ransom to beware. We have created a new entry on the Malwarebytes blog with the newly discovered information: EternalPetya and the lost Salsa20 key
UPDATE 6/27/2017 1653 PST: Based on information released by security researchers, a Ukrainian accounting software company called Me Doc pushed an update at around 10:30 GMT this morning, which installed the malware on the “victim zero” system. Then, using a mix of PSExec, WMI, and EternalBlue, it was able to spread to every other computer on the network. Me Doc has claimed that this isn’t the case; however, so we cannot fully confirm that this was the source of the original infection vector.