What is Petna ransomware? And how does it work?
Petna ransomware is the latest version of the infamous Petya ransomware. Petya caused a major malware outbreak all over the globe on June 27, 2017. Now, after only a week, it is back, and numbers of users have reported that the latest version of Petya is making another comeback. Petna behaves exactly like its predecessors: instead of simply breaking the system and encrypting files, this malware changes the boot settings so that the malware loads instead of the Windows OS. Through its unique operating system, this ransomware encodes valuable documents. Surprisingly, however, it does not append any file extension. In other words, it does not encrypt your files.
Nevertheless, according to our researchers, this malware is like a disk wiper but does not delete files. Once it infiltrates your computer, it installs itself as a DLL file and then runs the rundd32.exe process, which you could easily overlook since it looks like an actual system process. The infection’s path is C:\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745.bin.dll. As mentioned, this ransomware acts like a disk wiper that does not erase your files, and it does not assign a specific ID to your computer, which could mean that recovering your files is next to impossible, since its motive is apparently not to make a profit but total system destruction.
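The following is an added example, not part of the original article: a small triage script that flags process-creation records whose image name imitates a system binary (as rundd32.exe does) or whose command line loads a hash-named DLL from a drive root, like the path above. The list of system binaries, the edit-distance threshold, the record layout and the sample events are assumptions constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Assumption: short list of system binaries that malware commonly imitates.
SYSTEM_BINARIES = ("rundll32.exe", "svchost.exe", "lsass.exe", "explorer.exe")
# DLL directly in a drive root with a 64-hex-character name, like the article's path.
HEX_ROOT_DLL = re.compile(r"\b[A-Za-z]:\\[0-9a-f]{64}(?:\.\w+)*\.dll\b", re.I)
# Path quoted in the article.
PAGE_DLL = r"C:\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745.bin.dll"

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(image):
    """Return the system binary this image name imitates, or None."""
    name = basename(image).lower()
    for real in SYSTEM_BINARIES:
        # Close to a real name but not identical (threshold 2 is an assumption).
        if name != real and edit_distance(name, real) <= 2:
            return real
    return None

def triage(events):
    """Return (pid, reasons) for every record that trips a heuristic."""
    findings = []
    for ev in events:
        reasons = []
        real = lookalike_of(ev["image"])
        if real:
            reasons.append(f"image name imitates {real}")
        if HEX_ROOT_DLL.search(ev["cmdline"]):
            reasons.append("hash-named DLL in drive root")
        if reasons:
            findings.append((ev["pid"], reasons))
    return findings

# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Windows\System32\rundll32.exe", "cmdline": "rundll32.exe shell32.dll,Control_RunDLL"},
    {"pid": 5208, "image": r"C:\Windows\rundd32.exe", "cmdline": "rundd32.exe " + PAGE_DLL},
    {"pid": 6012, "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_EVENTS):
        print(pid, "; ".join(reasons))
```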
How is Petna ransomware distributed?
Petna takes advantage of system vulnerabilities, just like the WannaCry virus, to assault its victims’ computers. However, according to our researchers, this malware spreads through corrupted system updates. After a thorough analysis, they found that the main source of the infection was the Ukrainian accounting software developer M.E.Doc, which was hacked by perpetrators who corrupted its update network. So any company that uses this software and installed the system update got infected as well. Technically, this malware functions via smbpeyta_kernel.bin, perfc.dat and other similar system files. As of this moment, the most effective way to prevent Petna ransomware is to update your operating system using cyber security tools.
How to remove Petna ransomware?
It is already understood that paying the ransom won’t get you anywhere, since the email address provided was blocked by a German email service provider. That’s why you have to make Petna removal your topmost priority. The ordinary uninstall and removal methods do not work for this kind of infection, since Petna has modified your boot settings so that you won’t have access to your antivirus tools. Before you start the malware removal, keep in mind that this malware will load BEFORE the Windows OS, so you will have to tap F8 or F2 after the initial Windows logo appears in order to enter the Advanced Boot settings. From there, you should be able to select Safe Mode with Command Prompt or System Restore to eliminate the Petna ransomware. Follow the two methods, along with the advanced steps below, to complete the malware removal.
Method #1 – Remove Petna ransomware through Safe Mode with Command Prompt and cd restore.
Step 1: Reboot your computer into Safe Mode with Command Prompt by pressing F8 a couple of times until the Advanced Options menu appears.
Navigate to Safe Mode with Command Prompt using the arrow keys on your keyboard. After selecting Safe Mode with Command Prompt, hit Enter.
Step 2: After the Command Prompt loads, type cd restore and hit Enter.
Step 3: After cd restore, type in rstrui.exe and hit Enter.
Step 4: A new window will appear. Click Next.
Step 5: Select any of the Restore Points on the list and click Next. This will restore your computer to its previous state, before it was infected with the Petna Ransomware.
Step 6: A dialog box will appear. Click Next.
Step 7: After the system restore process, download SpyRemover Pro to remove any remaining files or residues of the Petna Ransomware.
Method #2 – Remove Petna Ransomware using SpyRemover Pro
- Turn on your computer. If it’s already on, you have to reboot it.
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly until the Advanced Option shows up.
- To navigate the Advanced Option, use the arrow keys, select Safe Mode with Networking, then hit Enter.
- Windows will now load the Safe Mode with Networking.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
  A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once the download is done.
- Click OK to launch SpyRemover Pro.
- Run SpyRemover Pro and perform a full system scan.
- Register SpyRemover Pro to protect your computer from future threats.