Petya is ransomware-as-a-service, the author gives you the binary payload and unlocking service and it's up to the buyer to distribute / infect people. It often leads to poorly setup things like this where the buyer probably didn't expect their variant to spread so wildly.