Free Guide to Delete Petya/NotPetya Ransomware From Compromised Windows

Petya/NotPetya Ransomware: What Research Report Reveals?

 

Petya/NotPetya Ransomware was recently discovered in the wild targeting big companies and government agencies in Europe and the United States, as well as Ukraine. Cyber police say that it is another massive cyber attack inspired by the WannaCry developers and their success. According to a researcher at Symantec, the Petya ransomware creators are using the same exploit to take advantage of a vulnerability in Windows apps as the WannaCry family, which hit millions of computers in 155 countries a couple of weeks ago. During online research we learned that the Petya/NotPetya attack began on Tuesday morning, targeting Windows PCs in Ukraine before distributing payloads across Europe and the US. Unfortunately, the ransomware is spreading so fast that it could break the record set by WannaCry and FSociety ransomware.

Petya/NotPetya Ransomware removal

Following infiltration, Petya/NotPetya Ransomware displays a ransom note window asking victims to pay a ransom of $300 in Bitcoin to a BTC account. The ransom note is titled “Ooops, your important files are encrypted….” Unlike other ransomware, its developers guarantee to help victims recover enciphered files safely and easily. The problem is that its authors demand the ransom in exchange for a decryption key generated specifically for your computer and saved only on a private server controlled by them. The ransom message also contains an encrypted public key that can be used to identify your computer and provide the proper key. The question, then, is why make the ransom payment if you can purchase professional data recovery software for $50. Moreover, making any financial transaction on an infected computer is not safe at all. Usually, such ransomware uses keyloggers to record your keystrokes, steal financial credentials and send them to the threat actors.

Petya/NotPetya Ransomware Attacks: Highlights

  • Severely damages the MBR (Master Boot Record) settings, whereas a normal encoder only encrypts files.
  • Asks victims to pay 300 USD (currently equivalent to 0.11855 Bitcoin) for the decryption key.
  • Petya/NotPetya Ransomware infects PCs by exploiting vulnerabilities in Windows applications.
  • Communicates with victims using email ID – [email protected].
  • Primarily focused on extorting money from Windows users residing in Europe, the US and Ukraine.

Experts' Advice to the PC users for Securing System

According to security experts, if you keep efficient security software installed, activated and up to date on your computer, Petya/NotPetya Ransomware will not be able to compromise it. You should also avoid double-clicking junk email attachments or shady links to avoid such malware attacks. Now, make use of the Petya/NotPetya Ransomware removal guide wisely:

Remove Petya/NotPetya Ransomware From Your PC

Step 1: Remove Petya/NotPetya Ransomware in Safe Mode with Command Prompt

  • First of all, disconnect your PC from the network.
  • Click the restart button and keep pressing the F8 key repeatedly while the system restarts.

  • You will see “Windows Advanced Options Menu” on your computer screen.

  • Select “Safe Mode with Command Prompt” and press Enter key.

  • You must log in to your computer with an Administrator account for full privileges.

  • Once the Command Prompt appears, type rstrui.exe and press Enter.

  • Now follow the prompts on your screen to complete the system restore.

Step 2: Remove Petya/NotPetya Ransomware using MSConfig in Safe Mode:

  • Power off your computer and start it again.
  • While it is booting, press the “F8 key” continuously to open the “Windows Advanced Options Menu”.

  • Use the arrow keys to select “Safe Mode” option and press Enter key.

  • Once the system has started, go to the Start menu. Type “msconfig” in the search box and launch the application.

  • Go to the Startup tab and look for entries that use rundll32.exe to load files from the %AppData% or %Temp% folders. See an example below:

C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1

  • Disable all the malicious entries and save the changes.
  • Now restart your computer normally.

Step 3: Kill Malicious Process Related To Petya/NotPetya Ransomware

  • Press the Ctrl+Alt+Del keys together.

  • This opens the Task Manager on your screen.
  • Go to the Processes tab and find the process related to Petya/NotPetya Ransomware.
  • Click the End Process Now button to stop the running process.

Step 4: Remove Petya/NotPetya Ransomware Virus From Registry Entries

  • Press the “Windows + R” keys together to open the Run box.

  • Type “regedit” and click OK button.

  • Find and remove Petya/NotPetya Ransomware related entries.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
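
The check from Step 2 applied to the registry keys listed in Step 4, as an added PowerShell example that is not part of the original guide: it only reads the keys and marks values where rundll32.exe loads a file from an AppData or Temp folder. The helper name Test-SuspiciousAutorun and its match patterns are assumptions made for this illustration.

```powershell
# Added example: read-only audit of the autorun keys listed in Step 4.
# Nothing is deleted; review flagged values before disabling or removing them.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Hypothetical helper: true when a command line matches the Step 2 pattern,
# i.e. rundll32.exe loading a file from an AppData or Temp folder.
function Test-SuspiciousAutorun {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    ($expanded -match 'rundll32(\.exe)?') -and
        ($expanded -match '\\AppData\\|\\Temp\\')
}

$findings = foreach ($path in $runKeys) {
    if (-not (Test-Path -LiteralPath $path)) { continue }   # key absent on this system
    $key = Get-Item -LiteralPath $path
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        [pscustomobject]@{
            Key        = $path
            Name       = $name
            Command    = $command
            Suspicious = Test-SuspiciousAutorun $command
        }
    }
}

# Suspicious entries first.
$findings | Sort-Object Suspicious -Descending | Format-List
```

Run it from an elevated PowerShell prompt so the HKEY_LOCAL_MACHINE keys are readable; the HKEY_CURRENT_USER results apply only to the account that runs it.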

Hopefully you have now completely removed the Petya/NotPetya Ransomware virus from your computer. If you still get the ransom message or are unable to access your files, the virus still remains on your computer. In that situation you have no option other than removing the virus with a powerful malware removal tool.

If you have a backup of your infected or encrypted files, you can also reinstall your Windows OS. This will erase all your files and data along with the Petya/NotPetya Ransomware infection. You will get a completely empty computer system with no files. You can then use your backup to restore your files. If you don’t have a backup, using a malware removal tool is a better option for you.

If you have any query or question regarding your computer, you can easily put your problem to our experts. Go to the Ask Any Question page and get the answer to your query directly from our experts.
