Wednesday, July 12, 2017

"Petya" virus causes global chaos

Getting rid of the Petya virus


The Petya virus is another piece of ransomware that locks the user's files. This extortion tool can be very dangerous and can infect any PC, but its main targets are the computers of German companies.


This malware enters victims' computers and operates secretly, putting the computer at risk. Petya encrypts your files with RSA-4096 and AES-256, encryption that is even used for military purposes. Such encryption is impossible to decrypt without the private key.

As with other ransomware such as the Locky virus, the CryptoWall virus and CryptoLocker, this private key is stored on a remote server, which can be accessed only by paying a ransom to the creator of the virus.

Unlike other ransomware, once this virus is launched, it immediately restarts your computer and when it boots again, the screen displays the message:

“DO NOT TURN OFF YOUR PC! IF YOU STOP THIS PROCESS, YOU CAN DESTROY ALL YOUR DATA! PLEASE MAKE SURE YOUR COMPUTER IS CONNECTED TO THE CHARGE!”

Although it may look like a system error, in fact, at this moment, Petya silently performs encryption in stealth mode.

If the user tries to reboot the system or stop the encryption of files, a flashing red skeleton appears on the screen with the text “PRESS ANY KEY!”. Finally, after a key is pressed, a new window appears with a ransom note. In this note, the victim is asked to pay 0.9 bitcoins, equivalent to about $400.[2]

However, this price is only for one computer; therefore, for companies that have many computers, the amount could run into the thousands. What also distinguishes this ransomware is that it gives a week to pay the ransom, instead of the usual 12-72 hours that other viruses in this category give.

Moreover, the problems with Petya do not end there. Once this virus enters the system, it will attempt to overwrite the Windows boot files, the so-called master boot record needed to boot the operating system.

You will not be able to remove the Petya virus from your computer if you do not reset the master boot record (MBR).

Even if you manage to fix these settings and remove the virus from your system, unfortunately your files will remain encrypted, because removing the virus does not decrypt the files; it only deletes the infected files.
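The master boot record overwrite described above can be detected by comparing sector 0 of the disk with a baseline recorded while the machine was clean. The following is an added example, not code from the original article: the function names, the baseline approach and the sample sectors are assumptions constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446      # classic MBR layout: boot code in bytes 0..445
PART_TABLE_OFF = 446     # then four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split sector 0 into boot-code hash, partition list and signature flag."""
    if len(sector) != 512:
        raise ValueError("sector 0 must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:   # type 0x00 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts,
            "signature_ok": sector[510:512] == BOOT_SIG}


def check_mbr(sector: bytes, baseline: dict) -> list:
    """Compare sector 0 with a baseline recorded while the machine was clean."""
    cur = parse_mbr(sector)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    if cur["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if cur["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def make_sample_sector(boot_code: bytes) -> bytes:
    """Constructed sample: one active NTFS (0x07) partition starting at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + BOOT_SIG


CLEAN = make_sample_sector(b"\xeb\x3c constructed clean boot code")
MODIFIED = make_sample_sector(b"\xeb\x3c constructed replacement code")

if __name__ == "__main__":
    baseline = parse_mbr(CLEAN)
    print("clean   :", check_mbr(CLEAN, baseline))
    print("modified:", check_mbr(MODIFIED, baseline))
```

On a real Windows machine the 512 bytes can be read with administrator rights from `\\.\PhysicalDrive0`; keep the baseline on separate media so that it survives an infection.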

Of course, virus removal is important if you want to continue working with the computer. We recommend that you use a reliable anti-virus tool such as Reimage to take care of removing Petya.

The virus called NotPetya disrupts the Chernobyl power plant

On June 27, 2017, a virus called NotPetya, which imitates Petya, penetrated the computer systems of corporations and international government agencies. As a result, the systems could not run normally. $300 is demanded in exchange for access. Further analysis showed that the virus is not the real Petya.[3]

Judging by the scale of the attack, Ukraine was mainly affected. Due to a malfunction, the Kiev airport had to cancel some flights. In addition, the workers of the Chernobyl power plant had to regulate radiation levels manually.

Interestingly, some IT experts found that the virus spread through broken updates related to the software manufacturer "MeDoc" in Ukraine. However, such claims still need additional evidence.

Fortunately, other cybersecurity experts found a temporary way to prevent a NotPetya/Petya.a attack.

How does this virus spread, and how can it get into the computer?


The Petya virus usually spreads via spam email messages that contain a Dropbox download link for a file called “app folder-gepackt.exe”. The virus is activated when the file is downloaded and opened. Now that you know how this virus spreads, you need some ideas on how to protect your computer from an attack.

Of course, you have to be careful when opening files that are sent by suspicious or unknown sources, or that contain information unrelated to what you expect. You should also avoid emails in the “spam” category; most email service providers automatically filter such emails and put them in the respective folders.

However, you should not trust those filters, because potential threats can easily slip through them. Also, make sure that your system is secured with a reliable antivirus tool - best free antivirus software for Windows PC. Finally, it is always recommended to keep a backup on an external drive, in case of dangerous situations.

How can I remove the Petya virus from my PC?


As we mentioned, removing the Petya Trojan is important for the security of your future files. Also, data recovery from external drives should only be performed once the virus and all its components have been completely removed from your PC. Otherwise, Petya can get in and infect your files on external drives.
You can't remove Petya from your computer with a simple uninstall procedure, because that won't work with this malware. This means that you need to remove this virus automatically.

For automatic removal of the Petya virus, you should use a reliable antivirus tool that will detect and remove this virus from your computer.
However, if you run into problems with the removal, for example if the virus blocks your antivirus program, you can always check the manual removal instructions provided at the end of the article.

Remove Petya using Safe Mode with Networking


Step 1: Restart your computer in Safe Mode with Networking

Windows 7 / Vista / XP
Click Start → Shutdown → Restart → OK.
When your computer becomes active, press F8 several times until the Advanced Boot Options window appears.
In the list, select Safe Mode with Networking.
Windows 10 / Windows 8
At the Windows login screen, press the Power button. Then press and hold the Shift key and click Restart.
Now select Troubleshoot → Advanced options → Startup Settings and press Restart.
When your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
Step 2: Remove Petya
Log in using your compromised account and launch the browser. Download a parental control tool or another reliable antispyware program. Update it before you scan, then remove the malicious files related to the ransomware and complete the removal of Petya.

If the ransomware blocks Safe Mode with Networking, try the following method.


Remove Petya using System Restore

Step 1: Restart your computer in Safe Mode with Command Prompt
Windows 7 / Vista / XP
Click Start → Shutdown → Restart → OK.
When your computer becomes active, press F8 several times until the Advanced Boot Options window appears.
In the list, select Safe Mode with Command Prompt.
Windows 10 / Windows 8
At the Windows login screen, press the Power button. Then press and hold the Shift key and click Restart.
Now select Troubleshoot → Advanced options → Startup Settings and press Restart.
When your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
Step 2: Restore your system files and settings
Once the Windows Command Prompt appears, type cd restore (without quotes) and press Enter.
Now type rstrui.exe (without quotes) and press Enter again.
When the new System Restore window appears, click Next and select a restore point from before the Petya infection. After that, click Next.

Now click Yes to start the system restore. After you have restored the system to a previous date, download a reliable antivirus tool, scan your computer and verify that the removal was successful.
