Petya 2017 Ransomware

What is Petya 2017 Ransomware?

Petya 2017 Ransomware is a malicious file-encrypting program that not only ruins your files but also overwrites the boot data needed to load Windows, known as the Master Boot Record (MBR). Consequently, it can cause a lot of trouble for the computer’s user if it manages to infect the machine. Sadly, even though the threat is not entirely new and is most likely just an improved version of Petya Ransomware, it is still impossible to decipher the data it encrypts. Petya 2017 Ransomware’s creators could offer to sell you a decryptor, but we would advise against buying it since there is no proof such a tool exists. Even if it does, the hackers might not bother to send it to each victim. This is why we believe the best solution is to ignore any urge to pay the ransom and remove the malware. If you feel up to the task, have a look at the instructions placed at the end of the article; the process might be rather complicated.

Where does Petya 2017 Ransomware come from?

Same as its previous variant, Petya 2017 Ransomware should target computers with a particular vulnerability in their operating system. To take advantage of it, the malicious program uses an exploit called EternalBlue. Fortunately, Microsoft has already released a patch that removes the known vulnerability from its operating systems. Users can get it either from the Microsoft website or by updating their Windows. Therefore, if you have not acquired it yet, we would strongly recommend doing so without delay. What’s more, to make your computer as resistant to threats as possible, you could keep a legitimate antimalware tool installed. Just make sure it is not outdated either, because if it is, it might be unable to protect the system properly. To be more precise, it may not recognize threats that were released later than its current version.

How does Petya 2017 Ransomware work?

As we mentioned at the beginning of the article, Petya 2017 Ransomware can alter your operating system’s Master Boot Record to make it unbootable. According to our researchers at Anti-spyware-101.com, these changes take place the moment the threat restarts the infected computer. The restarted computer should then show a message saying “Repairing file system on C. The type of the file system is NTFS.” To scare the user and stop him from unplugging the computer, it gives this warning: “DO NOT TURN OFF YOUR PC! IF YOU ABORT THIS PROCESS, YOU COULD DESTROY ALL OF YOU DATA!” followed by a similar line: “CHKDSK is repairing sector 20365505 of 4294967266 (0%).” At this point, we should inform users that unless they do the opposite and turn off the computer, the malware will encipher their files with a strong cryptosystem. The encryption process is finished when the fake alert disappears, so if you still see it, you may have a chance to save at least some of the files the malicious program targets.

Furthermore, after enciphering users’ files, Petya 2017 Ransomware’s next step is to show a ransom note. To make it visible, the malicious program could place it instead of the background picture or open a window containing it on top of the screen. The ransom note is a message from the hackers through which they inform the user of their demands and the consequences of not doing as told. Usually, hackers ask for a payment which has to be made according to the provided instructions, or else they may threaten that the user will never be able to decipher his data. Needless to say, you might not get any files back even if you make the payment. In this case, you would risk losing more than two thousand US dollars since the ransom is 0.8 Bitcoins. Thus, we advise users not to gamble with their savings and to concentrate on how to fix their computer.

How to delete Petya 2017 Ransomware?

For starters, it is crucial to restore the altered Master Boot Record, which you can do with the instructions located at the end of this paragraph. They will show you how to repair the MBR after booting from the operating system’s installation CD/DVD or recovery USB. As for the second part of the instructions, you can either follow it to remove the infection manually or install a legitimate antimalware tool to perform a full system scan that locates and erases Petya 2017 Ransomware automatically.

Restore Master Boot Record

Windows XP

  1. Boot from your Windows XP CD.
  2. Press any key and wait till the Welcome to Setup screen is displayed.
  3. Press R to access Recovery Console.
  4. You should be asked: “Which Windows installation would you like to log onto?”
  5. Type 1 if Windows XP is the only operating system on the computer.
  6. Type the computer’s password and press Enter.
  7. Then you should be asked: “Are you sure you want to write a new MBR?”
  8. Type fixmbr, press Y, and tap Enter.
  9. Press Enter again.
  10. Remove the CD when MBR is restored.
  11. Type exit and tap Enter to restart.

Windows Vista

  1. Insert your Windows Vista CD/DVD.
  2. Choose language and keyboard layout.
  3. Click Repair your computer.
  4. Select the operating system and click Next.
  5. Choose Command Prompt and type the listed commands:
    bootrec /FixMbr
    bootrec /FixBoot
    bootrec /RebuildBcd
  6. Make sure you press Enter after each command.
  7. Wait for a message saying the MBR was fixed.
  8. Remove the CD/DVD.
  9. Type Exit and press Enter to restart.

Windows 7

  1. Boot from the Windows 7 DVD.
  2. Press any key to boot into the DVD.
  3. Select language and keyboard layout.
  4. Click Next and pick the operating system.
  5. Select Use recovery tools that can help fix problems starting Windows and press Next.
  6. Choose Command Prompt from the System Recovery window.
  7. Type the listed commands:
    bootrec /rebuildbcd
    bootrec /fixmbr
    bootrec /fixboot
  8. Make sure you press Enter after each command.
  9. Remove the DVD and restart the system.

Windows 8/Windows 8.1/Windows 10

  1. Boot from the operating system’s installation DVD or recovery USB.
  2. Click Repair, choose Troubleshoot, and select Command Prompt.
  3. Type the provided commands one by one:
    bootrec /FixMbr
    bootrec /FixBoot
    bootrec /ScanOs
    bootrec /RebuildBcd
  4. Press Enter after each command.
  5. Remove the DVD or recovery USB.
  6. Type exit and press Enter.
  7. Restart the computer.
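
To confirm that the boot record was actually rewritten, the first sector of the disk can be compared with a known-good copy. The Python code below is an added example, not part of the original instructions; it assumes sector 0 was saved as a 512-byte file with a disk imaging tool and that a baseline MBR from a clean machine with the same Windows version is available. All function names and sample bytes are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440      # bootstrap code; bytes 440-445 hold the disk signature and reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # bytes 510-511 of a valid MBR
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Parse one MBR sector into signature status, boot code hash and partitions."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        # Hash only the bootstrap code so the per-disk signature does not cause a mismatch.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }

def compare_to_baseline(sector: bytes, baseline: bytes) -> list:
    """Return a list of differences between a sector and a known-good MBR."""
    cur, ref = parse_mbr(sector), parse_mbr(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if cur["boot_code_sha256"] != ref["boot_code_sha256"]:
        findings.append("bootstrap code differs from baseline")
    if cur["partitions"] != ref["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def make_sample(boot_code: bytes) -> bytes:
    """Constructed sector: one bootable NTFS (type 0x07) partition at LBA 2048."""
    entry = ENTRY.pack(0x80, 0x07, 2048, 204800)
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + b"\x00" * 48 + SIGNATURE

CLEAN = make_sample(b"\x01\x02\x03")    # constructed placeholder bytes, not real boot code
ALTERED = make_sample(b"\x0a\x0b\x0c")  # same layout, different bootstrap bytes

if __name__ == "__main__":
    print(compare_to_baseline(ALTERED, CLEAN))
```

An empty result after running the bootrec commands means the bootstrap code and partition table match the baseline again.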

Erase Petya 2017 Ransomware

  1. Press Win+E to open File Explorer.
  2. Check the listed directories to find the malicious program’s installer and its copy:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  3. Right-click these malicious files separately and choose Delete.
  4. Close File Explorer.
  5. Empty Recycle bin.
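
The directory check in step 2 can also be scripted so that every candidate file is listed with its SHA-256 hash before anything is deleted. The Python code below is an added example, not part of the original instructions; the extension list, the 7-day window and all function names are assumptions chosen for illustration.

```python
import hashlib
import os
import time
from pathlib import Path

# Assumption: file types worth reviewing; adjust to your environment.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".js", ".vbs", ".ps1"}

def default_dirs(env=os.environ):
    """Resolve %TEMP%, %USERPROFILE%\\desktop and %USERPROFILE%\\downloads."""
    dirs = []
    if env.get("TEMP"):
        dirs.append(Path(env["TEMP"]))
    if env.get("USERPROFILE"):
        home = Path(env["USERPROFILE"])
        dirs += [home / "Desktop", home / "Downloads"]
    return dirs

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def recent_executables(dirs, max_age_days=7, now=None):
    """List executable-type files modified within max_age_days, newest first."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    hits = []
    for d in dirs:
        if not d.is_dir():
            continue  # directory missing on this machine
        for p in d.iterdir():  # top level only, as in the manual steps
            try:
                mtime = p.stat().st_mtime
                if p.is_file() and p.suffix.lower() in EXECUTABLE_EXTS and mtime >= cutoff:
                    hits.append({"path": str(p), "mtime": mtime, "sha256": sha256_of(p)})
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
    return sorted(hits, key=lambda h: h["mtime"], reverse=True)

if __name__ == "__main__":
    for hit in recent_executables(default_dirs()):
        print(hit["sha256"], hit["path"])
```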