Another ransomware is making a comeback and causing havoc for many users: Petya. Petya is a ransomware-type infection that was first discovered in 2016. Its developers apparently decided to revive and release the ransomware by the end of June 2017, and it has since attacked 12,000 machines across 65 countries. This ransomware came from Russia. Its first attack since coming back originated in Ukraine and started spreading on June 18, 2017 or earlier. The Petya ransomware has already affected several companies such as Rosneft, Maersk and Saint-Gobain, banks such as the National Bank of Ukraine, and more.
Petya ransomware is also known as PetrWrap, GoldenEye ransomware, Mamba virus and Mischa ransomware, although the newly revived Petya behaves like the WannaCry ransomware, which says a lot given how damaging WannaCry is. Once Petya infects your computer, it does not encrypt your files one by one; it reboots your computer first and displays the screen shown above. It then starts to encrypt the Master File Table (MFT) of your hard drive, which causes the Master Boot Record (MBR) to stop operating. When that happens, the Petya virus silently carries out the encryption process in the background. Once the encryption is done and you try to reboot your computer, a flashing skeleton appears together with the text "PRESS ANY KEY". After you press a key, another window opens containing the ransom note.
The ransom note asks the user to pay 0.9 BitCoin, which is around $400; however, it was changed to $300 in BitCoin, so the ransom amount could be different for each victim. The Petya ransomware uses very complex algorithms, RSA-4096 and AES-256, to encrypt files. Files encrypted with these algorithms are impossible to decrypt without the decryption key, which is located on a remote server that is only accessible to the developers of Petya.
You can get infected with this dangerous ransomware after downloading a fake office document, usually found in spam emails. According to our researchers, the Petya ransomware uses the SMBv1 vulnerability, which was also used by the WannaCry ransomware, to spread its infection. After a series of tests, they found that if you create a text file named perfc and place it in the C:\Windows folder, the Petya ransomware removes itself once it detects that file on your computer. Strange, right? But it is worth a shot, and prevention is always better than cure, so to protect yourself from this ransomware, create the perfc file and make sure you have an excellent antivirus and anti-malware program on your computer, like SpyRemover Pro.
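The perfc file described above can be created from an elevated PowerShell prompt; the script below is an added example, not part of the original article. The function names are hypothetical, marking the file read-only is an assumption the article does not state, and the SMBv1 check only reports the current server setting.

```powershell
# Added example (not from the original article): create the perfc marker file
# in the Windows folder and report whether the SMBv1 server protocol is enabled.

function Test-IsAdministrator {
    # Writing to the Windows folder requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Set-PerfcMarker {
    param([string]$Directory = $env:windir)

    $path = Join-Path $Directory 'perfc'
    if (Test-Path -LiteralPath $path -PathType Container) {
        throw "$path exists but is a folder, not a file."
    }
    if (-not (Test-Path -LiteralPath $path)) {
        # Empty file with no extension, named exactly as in the article.
        New-Item -ItemType File -Path $path | Out-Null
    }
    # Assumption (not stated in the article): keep the file read-only so it
    # is not overwritten or emptied by accident.
    Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true
    return Get-Item -LiteralPath $path
}

function Get-Smb1ServerState {
    # Get-SmbServerConfiguration ships with Windows 8 / Server 2012 and later.
    if (-not (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)) {
        return 'unknown (cmdlet not available on this Windows version)'
    }
    if ((Get-SmbServerConfiguration).EnableSMB1Protocol) { return 'enabled' }
    return 'disabled'
}

if (-not (Test-IsAdministrator)) {
    Write-Error 'Run this script from an elevated PowerShell prompt.'
    return
}

$marker = Set-PerfcMarker
Write-Output ("Marker file: {0} (read-only: {1})" -f $marker.FullName, $marker.IsReadOnly)
Write-Output ("SMBv1 server protocol: {0}" -f (Get-Smb1ServerState))
```

The script is safe to run repeatedly: an existing perfc file is left in place and only its read-only attribute is set again.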
Eliminate Petya Ransomware using the two methods below.
Method #1 – Remove Petya ransomware using Windows Task Manager and cd restore
Step 1: Open the Windows Task Manager by pressing Ctrl + Shift + Esc at the same time. Go to the Processes tab and look for any suspicious processes that could be related to the Petya ransomware.
Right-click on the processes, then click Open File Location and scan them using a powerful and trusted antivirus like SpyRemover Pro. After opening their folders, end their processes and delete their folders. If the virus scanner fails to detect something that you know is suspicious, don’t hesitate to delete it.
Step 2: Open Control Panel by pressing the Start key + R to launch Run, then type appwiz.cpl in the box and click OK.
Find Petya ransomware or any suspicious program, then click Uninstall.
Step 3: Open System Configuration by clicking the Windows button, typing msconfig and pressing Enter. Go to Startup and uncheck items with an unknown manufacturer.
Step 4: Open the File Explorer by pressing the Windows key + E.
Step 5: Go to the directories listed below, and any other directory where you might have saved a file related to the Petya ransomware, and delete everything in them.
- %USERPROFILE%\Downloads
- %USERPROFILE%\Desktop
- %TEMP%
Step 6: Look for any suspicious file that could be related to the Petya ransomware.
Step 7: Right-click on it and click Delete.
Step 8: Empty the Recycle bin.
Step 9: Reboot your computer into Safe Mode with Command Prompt by pressing F8 a couple of times until the Advanced Options menu appears.
Navigate to Safe Mode with Command Prompt using the arrow keys on your keyboard. After selecting Safe Mode with Command Prompt, hit Enter.
Step 10: Once the Command Prompt has loaded, type cd restore and hit Enter.
Step 11: After cd restore, type rstrui.exe and hit Enter.
Step 12: When a new window appears, click Next.
Step 13: Select any of the Restore Points on the list and click Next. This will restore your computer to its previous state, before it was infected with the Petya ransomware.
Step 14: When a dialog box appears, click Next.
Step 15: After the system restore process, download SpyRemover Pro to remove any remaining files or residues of the Petya Ransomware.
Method #2 – Remove Petya Ransomware using SpyRemover Pro
1. Turn on your computer. If it's already on, you have to reboot.
2. After that, the BIOS screen will be displayed; if Windows loads instead, reboot your computer and try again. Once you're on the BIOS screen, press F8 repeatedly until the Advanced Options menu shows up.
3. To navigate the Advanced Options menu, use the arrow keys and select Safe Mode with Networking, then hit
4. Windows will now load the Safe Mode with Networking.
5. Press and hold both the R key and the Windows key.
6. If done correctly, the Windows Run Box will show up.
7. Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
There must be a single space between explorer and http. Click OK.
8. A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once the download is done.
9. Click OK to launch SpyRemover Pro.
10. Run SpyRemover Pro and perform a full system scan.
11. After all the infections are identified, click REMOVE ALL.
12. Register SpyRemover Pro to protect your computer from future threats.