The ransomware is operating at the Firmware level, rewriting your bios, typically a VIA chip on your motherboard, and some firmware of hard drives. Western Digital and Samsung are especially effected, but Hitachi's and Fujitsu's are not from what I have seen. It works in both Windows XP, 7 & 8, and various versions of Linux, going back to Gutsy Gibbon on Ubuntu, but seems to affect debian distro's including Kali, Parted Magic, Linux Mint, Raspbian and also updates the firmware of RaspberryPi's.
Its a good bit of malware exploiting the IEE standards.
For example, if you put a bios password in place to prevent setup changes and/or OS loading, once you have loaded the OS, you'll note you can update the bios from within Windows or Linux, so the charade of bios security is non existent. With regards to hacking the firmware of hard drives, this practice goes back to the 90's and in my tests, the malware even works on Bios found in PC's built in 2004 infecting the hard drives firmware of those machines.
A bios will always load a USB device first and the latest UEFI standard even allows drivers to be remotely loaded/unloaded so theres nothing stopping this malware from spreading unnoticed as Antivirus simply doesn't look at firmware. Theres millions of device's that have been hacked, now you know why the Chinese wont allow their own branded android phone's to have the firmware be updated.