
How to Remove Petya Ransomware & Recover Encrypted Data

Another dangerous ransomware, “Petya ransomware”, has been found causing trouble for computer users. It locks the whole system at once and denies you access. There is no file-by-file encryption. It works instantly by getting hold of the information about files, locations and sizes saved on the hard disk. Moreover, it replaces the boot code of the computer with its own malicious boot code, which decreases the chances of a normal reboot. It displays a message like this:

 

“The hard disks of your computer have been encrypted with a military grade encryption algorithm. It’s impossible to recover your data without a special key. This page will help you with the purchase of this key and the complete decryption of your computer”


How does Petya Ransomware enter the system?

Petya is a very clever ransomware that knows how to get to its targets. Its target audience is business users. It arrives in spam emails disguised as job applications.

For instance, an HR employee receives an email from a sender who claims to be applying for a position in the company. The email contains a resume linked to a Dropbox file. In reality, that link points to an EXE file. The employee clicks the link expecting to look at the curriculum vitae but does not find the expected file anywhere. Instead, the display shows a Blue Screen of Death, which means Petya has successfully invaded the computer and will soon start its dirty mission.

What to do if you become a victim of Petya Ransomware

Below are the steps to take if you notice immediately that you have become a victim of Petya.

  1. The moment Petya walks in and your screen displays the Blue Screen of Death, remember that your data has not yet been corrupted. It takes a while for Petya to get to the Master File Table and encrypt it. If your computer shows a BSOD, a reboot or a Check Disk screen, shut it down right away. Remove your hard drive immediately, connect it to another PC and follow the necessary instructions to recover your files.
  2. If Petya succeeds in encrypting the Master File Table, don't worry. It leaves the files as they are. Do not try to recover them on your own; a specialist can help you recover the data on the hard drive. It will cost a handsome amount of money and time, but it would be worth it.

How to Remove Petya Ransomware

To remove the Petya ransomware from the infected system, follow these steps.

  1. Immediately stop any malicious running process using Windows Task Manager. Press CTRL + SHIFT + ESC to bring up the Windows Task Manager, locate the unknown or suspicious-looking process and kill it.
  2. Remove any suspicious startup item using the msconfig command.
  3. Scan your computer with 1 or 2 good antimalware programs to remove any trojan or spyware responsible for the spread of Petya Ransomware. Many of these programs are free to use.

How to recover Petya encrypted files

To recover data encrypted by Petya Ransomware, the methods below can be tried, though there is no guarantee that it will be recovered 100%. Although it is not possible to recover data from a ransomware attack, you can give the following methods a try.

  1. Try to restore your computer to a previous restore point using the System Restore feature of Windows.
  2. If that does not work, install a good file recovery program to recover the files. Ransomware normally deletes the original file after creating its encrypted copy, so there is some chance that you can recover your important data.
  3. If that does not work either, give Shadow Explorer a last try to recover the files.

How to Prevent Petya Ransomware

To prevent your computer from getting into a Petya Ransomware mess, use active Internet security software such as Norton, Bitdefender or any other trusted product. It would keep away every email that might contain a suspicious link to Petya. Even if Petya gets past the security software, the software will detect it and block its malicious activities. Also check out the Best Anti-Ransomware Software.

Talking about Petya's characteristics, it is the most advanced ransomware. It is reported that its authors are highly qualified and skilled. It has a low-level architecture that limits it to coding. In some attempts it has failed to achieve what it wanted, but then again it is superlative code designed by highly technical staff. Its presence could cause major harm.

Petya Ransomware Decryption Key or Password Generator


We found a tool that generates the decryption key for files encrypted by Petya Ransomware, so you can get a password key without paying any ransom. Leostone created a decryption key generator to defeat the Petya Ransomware. Follow these steps to get a free Petya decryption key.

  1. Remove the infected hard disk from the computer and attach it to another working computer.
  2. Download the Sector Data Extractor Tool for Petya to extract the data from the infected hard drive.
  3. Run the tool; it will automatically detect the infected drive and display a screen like this.
  4. Now open an internet browser and go to the website http://petya-pay-no-ransom.herokuapp.com/ developed by Leostone.
  5. Click on Copy Sector and paste (Ctrl + V) into the first box on the website, then click on Copy Nonce and paste it into the second box on Leostone's website.
  6. Click on Submit, and within a minute you will get your password to decrypt the disk. Note down this password.
  7. Now attach the disk back to the original system and start the system.
  8. When it displays the Petya lock screen, enter the password and it will start decrypting the drive.
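What steps 2 to 5 do by hand, as an added Python example (not Leostone's tool and not code from this page): it reads the verification sector and the nonce from a read-only image of the infected disk and Base64-encodes them for pasting. The offsets (sector 55, and sector 54 at byte 0x21), the Base64 form and all function names are assumptions taken from public analyses of the red 2016 Petya; the sample image is constructed.

```python
import base64
import io

SECTOR_SIZE = 512
# Assumed layout of the 2016 "red" Petya, taken from public
# analyses of the Leostone method, not from this page:
VERIFY_SECTOR = 55      # 512 bytes of verification data
NONCE_SECTOR = 54       # configuration sector
NONCE_OFFSET = 0x21     # nonce starts 33 bytes into that sector
NONCE_LEN = 8


def read_at(disk, sector, offset, length):
    """Read `length` bytes at sector*512+offset from a seekable binary stream."""
    disk.seek(sector * SECTOR_SIZE + offset)
    data = disk.read(length)
    if len(data) != length:
        raise ValueError(f"short read at sector {sector}: image is truncated")
    return data


def extract_petya_fields(disk):
    """Return the two Base64 strings the key-generator site asks for."""
    verify = read_at(disk, VERIFY_SECTOR, 0, SECTOR_SIZE)
    nonce = read_at(disk, NONCE_SECTOR, NONCE_OFFSET, NONCE_LEN)
    return {
        "sector": base64.b64encode(verify).decode("ascii"),
        "nonce": base64.b64encode(nonce).decode("ascii"),
    }


def build_sample_image():
    """Constructed 56-sector image: not real Petya data, only the right shape."""
    image = bytearray(SECTOR_SIZE * 56)
    start = NONCE_SECTOR * SECTOR_SIZE + NONCE_OFFSET
    image[start:start + NONCE_LEN] = bytes(range(1, 9))
    vstart = VERIFY_SECTOR * SECTOR_SIZE
    image[vstart:vstart + SECTOR_SIZE] = b"\x37" * SECTOR_SIZE
    return io.BytesIO(bytes(image))


if __name__ == "__main__":
    # On a real case, pass open(image_path, "rb") for a read-only copy of the disk.
    fields = extract_petya_fields(build_sample_image())
    print("Nonce :", fields["nonce"])
    print("Sector:", fields["sector"][:32], "...")
```

Working from an image file rather than the attached disk keeps the original sectors untouched if the recovery has to be repeated.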

Update: Cyber criminals have updated the Petya Ransomware. It now comes with a green color instead of red, so it is not certain whether the above decryption tool still works. Please post your experience to help other users.

This post was last updated on: 2016-05-20 | First Published: 2016-05-21
