Petya virus is another piece of ransomware that locks the user's files. This extortion malware can be very dangerous and can infect any PC, but its main targets are the computers of German companies.
This malware enters victims' computers and operates covertly, putting the computer at risk. Petya encrypts your files with RSA-4096 and AES-256, encryption that is even used for military purposes. Such encryption is impossible to decrypt without the private key.
As with other ransomware such as Locky virus, CryptoWall virus and CryptoLocker, this private key is stored on a remote server, which can be accessed only by paying a ransom to the creator of the virus.
Unlike other ransomware, once this virus is launched, it immediately restarts your computer, and when it boots again, the screen displays the message:
“DO NOT TURN OFF YOUR PC! IF YOU STOP THIS PROCESS, YOU CAN DESTROY ALL YOUR DATA! PLEASE MAKE SURE YOUR COMPUTER IS CONNECTED TO THE CHARGE!”
Although it may look like a system error, at this moment Petya is in fact silently performing encryption in stealth mode.
If the user tries to reboot the system or stop the encryption of files, a flashing red skeleton appears on the screen with the text “PRESS ANY KEY!”. Finally, after a key is pressed, a new window appears with a ransom note. In this note, the victim is asked to pay 0.9 bitcoins, equivalent to about $400.[2]
However, this price is only for one computer; therefore, for companies that have many computers, the amount could be in the thousands. What also distinguishes this ransomware is that it gives a week to pay the ransom, instead of the usual 12-72 hours given by other viruses in this category.
Moreover, the problems with Petya do not end there. Once this virus enters the system, it will attempt to overwrite the Windows boot files, the so-called master boot record needed to boot the operating system.
You will not be able to remove Petya virus from your computer if you do not reset the master boot record (MBR).
Even if you manage to fix these settings and remove the virus from your system, unfortunately your files will remain encrypted, because removing the virus does not decrypt the files; it only deletes the infectious files.
Of course, virus removal is important if you want to continue working with the computer. We recommend that you use reliable anti-virus tools such as Reimage to take care of removing Petya.
The virus called NotPetya disrupts the Chernobyl power plant
On June 27, 2017 the virus called NotPetya, imitating Petya, penetrated the computer systems of corporations and international government agencies. As a result, the systems could not run normally. In exchange for access, $300 was demanded. Further analysis showed that the virus is not the real Petya.[3]
Judging by the scale of the attack, Ukraine was mainly affected. Due to a malfunction, the Kiev airport had to cancel some flights. In addition, the workers of the Chernobyl power plant had to regulate radiation levels manually.
Interestingly, some IT experts found that the virus spread through compromised updates related to "MeDoc", a maker of computer programs in Ukraine. However, such claims still need additional evidence.
Fortunately, other cybersecurity experts found a temporary solution for preventing a NotPetya/Petya.a attack.
How does this virus spread and how can it get into the computer?
Petya virus usually spreads via spam email messages that contain a Dropbox download link to a file called “app folder-gepackt.exe”. The virus is activated when the file is downloaded and opened. Now that you know how this virus spreads, you need to have an idea of how to protect your computer from a virus attack.
Of course, you have to be careful about opening electronic files sent by suspicious and unknown senders that present information unrelated to what you expect. You should also avoid emails in the “spam” category, as most email service providers automatically filter such emails and put them in the respective directories.
However, you should not trust those filters, because potential threats can easily slip through them. Also, make sure that your system is secured with a reliable antivirus tool. Finally, it is always recommended to keep a backup on an external drive, in case of dangerous situations.
How can I remove the Petya virus from my PC?
As we mentioned, removing the Petya Trojan virus is important to the security of your future files. Also, data recovery from external drives may only be performed when the virus and all its components have been completely removed from your PC. Otherwise, Petya can get in and infect your files on the external drives.
You can't remove Petya from your computer with a simple removal procedure, because it won't work with this malware. This means that you need to remove this virus automatically.
Automatic removal of Petya should be done using a reliable antivirus tool that will detect and remove this virus from your computer.
However, if you run into problems during removal, for example if this virus blocks your antivirus program, you can always check the manual removal guide provided at the end of the article.
Remove Petya using Safe Mode with Networking
Step 1: Restart your computer to Safe Mode with Networking
Windows 7 / Vista / XP
Click Start → Shutdown → Restart → OK.
When your computer becomes active, press F8 several times until Advanced Boot Options appears.
In the list, select Safe Mode with Networking.
Windows 10 / Windows 8
At the Windows login window, press the Power button. Then press and hold the Shift key and click Restart.
Now select Troubleshoot → Advanced options → Startup Settings and press Restart.
When your computer becomes active, in the Startup Settings window, select Enable Safe Mode with Networking.
Step 2: Remove Petya
Log in using your compromised account and launch the browser. Download parental control tool or another reliable antispyware program. Update it before you scan, then remove the malicious files related to the ransomware and complete the removal of Petya.
If the ransomware blocks Safe Mode with Networking, try the following method.
Remove Petya using System Restore
Step 1: Restart your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
Click Start → Shutdown → Restart → OK.
When your computer becomes active, press F8 several times until Advanced Boot Options appears.
In the list, select Safe Mode with Command Prompt.
Windows 10 / Windows 8
At the Windows login window, press the Power button. Then press and hold the Shift key and click Restart.
Now select Troubleshoot → Advanced options → Startup Settings and press Restart.
When your computer becomes active, in the Startup Settings window, select Enable Safe Mode with Command Prompt.
Step 2: Restore your system files and settings
After the Windows Command Prompt appears, type cd restore (without quotes) and press Enter.
Now type rstrui.exe (without quotes) and press Enter again.
Once the new System Restore window appears, click Next and select your restore point from before the Petya infection. After that, click Next.
Now click Yes to start the system restore.
After you perform a system restore to a previous date, download a reliable antivirus tool, scan your computer and verify that the removal was successful.