Petya Ransomware (Removal Instructions)

Petya ransomware is a computer virus that skips file encryption and encrypts the hard on a computer system instead. It then holds the hard drive for ransom and asks for a payment of .9 bitcoins in order to regain access to the computer system and encrypted files on the hard drive. Petya ransomware will encrypt portions of the hard drive in order to restrict access  to anything on the hard drive, including Windows. 

petya ransomware

The ransomware is distributed by deceptive email messages that contain malicious dropbox links that will download an executable file. Once the file is executed it will install Petya ransomware on the computer.

There is no current way to decrpyt this ransomware for free.

Petya Ransomware Encryption

When Petya ransomware is installed it will replace the infected computers boot drive’s Master Boot Record with a malicious loader. This will cause Windows to restart and automatically launch the new malicious ransomware loader. The loader will launch a fake CHKDSK screen. Petya will then  encrypt the Master File Table on the drive in order to make files on the computer inaccessible.

When this process is complete the infected computer will display a lock screen that contains instructions to make a payment to the ransomware authors. The instructions will appoint you with a unique ID and instruct you to visit a TOR website to make a payment and obtain a password to decrypt files.

If you enter the password, the ransomware will decrypt your files and allow you to boot back into Windows and access your files again.

How to remove Petya Ransomware (Removal Instructions)

  1. Scan your computer with Malwarebytes
  2. Scan your computer with HitmanPro
  3. Cleanup and repair settings with CCleaner

1. Scan your computer with Malwarebytes

The first step to remove Petya ransomware and malicious traces from your computer is to download and install Malwarebytes Anti-Malware software in order to perform a full system scan for malicious files.

1. Download and Install Malwarebytes Anti-Malware software.

2. Open Malwarebytes and click the Scan Now button or go to the Scan tab and click the Start Scan button.

3. When the Malwarebytes scan is complete click the Remove Selected button.

4. To finish the Malwarebytes scan and remove detected threats click the Finish button and restart your computer once promoted to do so in a pop-up message from Malwarebytes.

2. Scan your computer with HitmanPro

The second step to remove Petya ransomware and malicious traces from your computer is to download and install a second opinion scanner called HitmanPro by Surfright in order to perform a full system scan for malicious files.

1. Download and Install HitmanPro by Surfright.

2. Open HitmanPro and click Next to start scanning your computer. *If you are using the free version you may chose to create a copy or perform a one-time scan.

3. When the HitmanPro scan is complete click the Next button.

4. To activate the free version of HitmanPro: enter your email address twice and click the Activate button.

5. Click the Reboot button.

3. Cleanup and repair settings with CCleaner

The third step to remove Petya ransomware and malicious traces from your computer is to download and install CCleaner by Piriform in order to delete leftover junk files, tracking cookies, registry entries, unwanted start-up tasks, and more.

1. Download and Install CCleaner by Piriform.

2. Open CCleaner and go to the main Cleaner screen. Click the Analyze button. When the process is complete, click the Run Cleaner button on the bottom right of the program interface.

3. Go to Tools > Startup and search for suspicious entries in each tab starting from Windows all the way to Content Menu. If you find anything suspicious click it and click the Delete button to remove it.

4. Go to the Registry window and click the Scan for Issues button. When the scan is complete click the Fix selected issues… button and click Fix All Selected Issues.