Why isn't Secure Boot protecting against ransomware like PETYA?

Secure Boot prevents the computer from booting if the bootloader (stored in the MBR, on MBR disks) or other boot-time code is tampered with. It doesn't actually prevent such tampering itself. The purpose of Secure Boot is to prevent malicious boot code from compromising your computer invisibly - think spyware that records your keystrokes and files - not to protect you from malware that tries to deny you access to your computer.

In InfoSec terms, Secure Boot provides integrity - you know if something has been tampered with - and can also provide authentication (if you only trust one signing key, you can be pretty sure that if your computer boots its boot image was signed by that key). It does not provide availability (protection against denial-of-service attacks, which is basically what ransomware is) or authorization (access control checks that control what software is allowed to do) except in the sense that it prevents the machine from booting if the boot image is tampered with.

You can usually block writes to the MBR from the firmware (BIOS or (U)EFI).
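The integrity property described above can also be checked from the host side on MBR disks, which Secure Boot does not cover at all. The following is an added example, not code from the answer's author: it parses a constructed 512-byte MBR, validates the 0x55AA boot signature and partition table, and compares the SHA-256 of the boot-code region against a baseline recorded at a trusted point in time, so an overwritten boot sector is flagged; every byte value in it is constructed sample data.

```python
"""Detect MBR boot-code tampering by comparing it against a known-good hash."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # boot code occupies bytes 0..439
DISK_SIG_OFF = 440       # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510..511


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-signature status, disk signature and the non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"signature_ok": mbr[510:512] == BOOT_SIG,
            "disk_signature": mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
            "partitions": parts}


def boot_code_hash(mbr: bytes) -> str:
    """Hash only the boot-code bytes; the partition table legitimately changes."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline: str) -> dict:
    """Flag the sector as tampered if the boot code differs from the baseline or the signature is bad."""
    info = parse_mbr(mbr)
    info["boot_code_matches"] = boot_code_hash(mbr) == baseline
    info["tampered"] = not info["boot_code_matches"] or not info["signature_ok"]
    return info


def build_mbr(boot_code: bytes) -> bytes:
    """Assemble a constructed sample MBR with one bootable NTFS-type partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    return code + b"\xde\xad\xbe\xef" + b"\x00\x00" + entry + b"\x00" * 48 + BOOT_SIG


GOOD_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0")    # constructed "known-good" boot stub
BASELINE = boot_code_hash(GOOD_MBR)             # record this while the system is trusted
TAMPERED_MBR = build_mbr(b"\xeb\x00\x90" * 10)  # constructed: boot code replaced, table intact

if __name__ == "__main__":
    for name, img in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        r = check_mbr(img, BASELINE)
        print(name, "TAMPERED" if r["tampered"] else "clean", r["partitions"])
```

On a live system the 512 bytes would be read from the raw disk device with administrative privileges; the baseline must be stored somewhere the host itself cannot silently rewrite.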
