What is Petya Ransomware?
Petya is a family of ransomware first seen in 2016. It targets computers running Microsoft Windows.
Rather than encrypting files one by one, Petya overwrites the hard drive's master boot record (MBR) with its own boot code and forces a reboot; the malicious bootloader then encrypts the NTFS Master File Table, which leaves the user's data unreachable and stops Windows from booting. A ransom screen shown at boot demands payment to regain access to the files.
The ransom is demanded in Bitcoin, a cryptocurrency whose transactions are publicly recorded but pseudonymous, which makes the recipients hard to identify.
The original Petya variants appeared in March 2016 and were distributed through fraudulent e-mail attachments. The e-mails appeared to come from well-known organisations, which led recipients to believe they were legitimate.
In June 2017 a global cyber-attack introduced a new version of Petya that mainly hit Ukraine.
This version spread inside networks with the EternalBlue exploit against the SMBv1 service (the flaw had been patched by Microsoft in MS17-010 in March 2017); the exploit is believed to have originated from the U.S. National Security Agency (NSA). It also spread with stolen credentials and legitimate remote-administration tools, so fully patched machines on the same network were hit as well.
The same exploit had been used by the WannaCry ransomware in May 2017. Kaspersky researchers dubbed the new version NotPetya to distinguish it from the 2016 variants.
Although the 2016 Petya behaved like conventional ransomware, the 2017 version was modified so that the damage could not be reversed even by its operators: the "installation key" shown to victims was random data with no relation to the encryption key, so no decryption was possible. In practice it functioned as a wiper dressed up as ransomware.
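The MBR overwrite described above is something a defender can baseline and check for. The following is an added example, not code from the original article: it parses a 512-byte MBR sector using the classic layout (440 bytes of bootstrap code, a 4-byte disk signature, four 16-byte partition entries and the 0x55AA signature), fingerprints the bootstrap region that a bootkit like Petya replaces, and compares it with a previously saved copy, with the partition table and disk signature as separate checks. Both sectors below are constructed in memory; on a live Windows host the same 512 bytes can be read with administrator rights from \\.\PhysicalDrive0.

```python
"""Baseline-and-compare check for a disk's Master Boot Record (first 512 bytes).

Added example, not from the original article. Works on raw bytes, so the
sample sectors below are constructed in memory. On a live Windows host the
same 512 bytes can be read (as Administrator) from r'\\.\PhysicalDrive0'.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: bootstrap code (the part a bootkit overwrites)
DISK_SIG_OFFSET = 440        # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446      # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR sector into its fields; raises ValueError on a malformed sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE}-byte sector, got {len(sector)}")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:  # partition type 0 marks an unused slot
            partitions.append({"index": i, "bootable": bool(status & 0x80),
                               "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return human-readable findings where `current` deviates from `baseline`."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        findings.append("boot code (bytes 0-439) differs from baseline: bootloader replaced?")
    if b["disk_signature"] != c["disk_signature"]:
        findings.append("disk signature changed")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: the given boot code plus one bootable NTFS partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"
    # status 0x80, CHS start (3 bytes), type 0x07 (NTFS), CHS end (3 bytes), LBA start, size
    ntfs_entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                             b"\xfe\xff\xff", 2048, 204800)
    table = ntfs_entry + b"\x00" * 48
    return code + disk_sig + table + MBR_SIGNATURE


# Constructed data: a "known good" sector saved earlier, and the same disk after
# its bootstrap code has been swapped for something else. Partition table untouched.
GOOD_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100)
TAMPERED_MBR = build_sample_mbr(b"\xfa\x31\xc0\x8e\xd8" + b"\xcc" * 300)

if __name__ == "__main__":
    for finding in compare_mbr(GOOD_MBR, TAMPERED_MBR):
        print("FINDING:", finding)
```

The baseline copy has to be stored somewhere the infected host cannot rewrite (another machine, or write-once media); a baseline kept on the same disk can be overwritten along with the MBR.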
History
Petya was first seen in March 2016. Check Point noted that although it had achieved fewer infections than other ransomware active at the time, it differed enough in how it operated to be flagged as the next step in ransomware evolution.
Another variant discovered in May 2016 carried a secondary payload, used if the malware could not obtain administrator rights on the system and therefore could not rewrite the MBR.
The name Petya comes from the 1995 James Bond film GoldenEye, in which Petya is one of two weapon satellites that carry a "GoldenEye", a nuclear device detonated in low Earth orbit to produce an electromagnetic pulse.
A Twitter account that Heise suggested may have belonged to the malware's author was named "Janus Cybercrime Solutions", after Alec Trevelyan's crime syndicate in GoldenEye, and used an avatar showing the GoldenEye character Boris Grishenko, a Russian hacker and antagonist in the film played by the Scottish actor Alan Cumming.
How did Petya ransomware infect your computer?
To distribute Petya, attackers typically use spam e-mails with infectious attachments, third-party installers, third-party websites, freeware programs and games, and trojans.
Once opened, malicious attachments (for instance, MS Office documents with macros or JavaScript files) download and install the malware.
A German-language version of Petya has also been observed.
Unofficial software download sources (freeware download sites, free file-hosting sites, torrents, eMule and the like) often present malicious executables as legitimate software.
In doing so, these sources trick users into downloading and running malware.
Such malware essentially opens a back door through which further malware can enter the system. These are the most common ways ransomware is distributed.
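The attachment types named above (Office documents, JavaScript files) can be triaged before anyone opens them. This added example, not part of the original article, flags attachments with directly executable extensions, deceptive double extensions such as invoice.pdf.js, and Office Open XML documents that carry a VBA macro project (a vbaProject.bin entry inside the zip container). The extension lists are illustrative choices for this example rather than a complete policy, and the sample documents are built in memory.

```python
"""Triage an e-mail attachment before it is opened.

Added example, not from the original article. Flags script/executable
extensions, double extensions, and Office Open XML files carrying VBA macros.
The extension sets are illustrative, not an exhaustive policy.
"""
import io
import zipfile

# Extensions Windows runs directly on double-click (illustrative, not exhaustive).
SCRIPT_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "hta", "ps1", "exe", "scr", "com", "bat", "cmd"}
# Decoy extensions typically placed before the real one, e.g. "invoice.pdf.js".
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
# Office Open XML containers (zip files) that may hold a macro project.
OOXML_EXTS = {"docx", "docm", "dotm", "xlsx", "xlsm", "xltm", "pptx", "pptm"}


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (zip) document contains a VBA macro project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_attachment(filename: str, data: bytes) -> list:
    """Return the reasons an attachment looks suspicious (empty list = nothing found)."""
    reasons = []
    parts = filename.lower().rsplit(".", 2)  # keep up to two trailing extensions
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in SCRIPT_EXTS:
        reasons.append(f"executable/script extension .{ext}")
    if len(parts) == 3 and parts[1] in DOCUMENT_EXTS and ext in SCRIPT_EXTS:
        reasons.append(f"double extension: looks like .{parts[1]} but runs as .{ext}")
    if ext in OOXML_EXTS and has_vba_project(data):
        reasons.append("Office document contains a VBA macro project (vbaProject.bin)")
    return reasons


def make_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal Word-style zip, optionally with a (dummy) vbaProject.bin."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples standing in for real attachments.
    samples = [
        ("Resume.docx", make_ooxml(False)),
        ("Resume.docm", make_ooxml(True)),
        ("Invoice_2017.pdf.js", b"eval(unescape('...'))"),
        ("photo.jpg", b"\xff\xd8\xff\xe0"),
    ]
    for name, blob in samples:
        print(name, "->", triage_attachment(name, blob) or "clean")
```

The macro check inspects the container rather than trusting the extension, so a macro project hidden inside a file renamed to .docx is still reported; the filename checks are cheap and should run first since a .js attachment does not need its content parsed to be refused.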
If you are a victim of Petya ransomware, we recommend following the steps below to remove the infection from Safe Mode and then hardening the system against repeat attempts. One caveat: once Petya has rewritten the MBR and the machine has rebooted into its own bootloader, Windows no longer starts at all, so the Safe Mode procedure only applies while Windows still boots (for example when the infection was stopped before the forced reboot, or when the fallback file-encrypting payload ran instead of the MBR attack). In the MBR case, removing the malicious boot code (for example with bootrec /fixmbr from the Windows Recovery Environment) gets rid of the ransom screen but does not recover the encrypted Master File Table, so the volume has to be rebuilt and data restored from backup.
Remove Petya ransomware in Safe Mode with Command Prompt
Step 1 (enter Safe Mode)
Steps to enter Safe Mode on Windows XP/Vista/7:
- Click Start, then Shut down, then Restart.
- While the computer is booting, at the very first screen start tapping F8 until the Advanced Boot Options menu appears.
- In Advanced Boot Options, select Safe Mode with Command Prompt from the list.
Steps to enter Safe Mode on Windows 8/10:
- On the Windows login screen, click the power button.
- Press and hold the Shift key on the keyboard, then click Restart.
- From the options shown, select Troubleshoot, then Advanced options, then Startup Settings, and finally click Restart.
- When the computer restarts and shows the list of startup settings, select Enable Safe Mode with Command Prompt.
Step 2 (restore the system)
- In the Command Prompt window, type cd restore and press Enter. This folder exists on Windows XP, where rstrui.exe lives in System32\Restore; on Vista and later rstrui.exe is in System32 itself, so skip this step if the directory is not found.
- Type rstrui.exe and press Enter.
- In the System Restore window that opens, click Next and choose a restore point dated before the infection.
- Click Next, then Yes to confirm.
System Restore rolls back system files, the registry and installed programs; it does not decrypt user files. Once the system boots cleanly again, harden it so that such intrusions are prevented in future.
Tips to prevent viruses and malware from infecting your system:
- Enable your pop-up blocker: Pop-ups and ads on websites are among the most common tactics cybercriminals use to spread malicious programs.
So avoid clicking on dubious sites, software offers and pop-ups, and install a reputable ad blocker for Chrome, Firefox and Internet Explorer.
- Keep Windows updated: Keep the system current through automatic Windows Update. Outdated and unpatched versions of Windows are an easy target; NotPetya's EternalBlue component, for instance, exploited an SMBv1 flaw that Microsoft had patched three months earlier in MS17-010, and disabling SMBv1 where it is not needed removes that attack surface altogether.
- Third-party installation: Avoid freeware download websites, which usually bundle additional software with any installer or stub file.
- Regular backup: Regular, periodic backups keep your data safe if the system is hit by a virus or other infection, and for ransomware they are the only reliable way to get files back. Back up important files regularly to a cloud drive or an external hard drive, and keep at least one copy disconnected from the computer so that an infection cannot encrypt it too.
- Always have an antivirus: Prevention is better than cure. We recommend installing an antivirus such as ITL Total Security or a reputable malware removal tool, and keeping it updated.