Petya 2017 Ransomware Removal Guide

Do you know what Petya 2017 Ransomware is?

Petya 2017 Ransomware seems to be a newer version of a vicious malware known as Petya Ransomware. The new version remains in the ransomware category, although computer security specialists are beginning to question whether the malicious application was created for money extortion. Apparently, Petya 2017 Ransomware encrypts fewer file types than its predecessor. Also, the infection does a lot of damage to the computer that might even prevent the victim from using the device or paying the ransom. In this article, we will explain the threat’s working manner in more detail, so if you came here to get to know this malware better, we encourage you to read the rest of our report. Of course, there will be a removal guide below the article to make it easier for you to get rid of the malicious application. Plus, we will discuss its deletion process further in the text too.

Petya 2017 Ransomware should target vulnerable Windows versions that have not yet been updated and can be attacked while using the so-called EternalBlue exploit. The same method was used by its predecessor and another dangerous threat called WannaCry Ransomware. The main way to protect the system from these malicious applications is to update the computer’s operating system or get MS17-010 patch to eliminate the mentioned vulnerability. An outdated software can have various vulnerabilities, and threats like these are a great reminder why updates are important and why you should not postpone them or even worse refuse to get them while thinking it is unnecessary. Thus, if your Windows is not updated yet, we urge you to get as soon as possible, so that your system could not be targeted.

Unfortunately, if Petya 2017 Ransomware enters the system, it may cause a lot of harm both to the computer and files located on it, including the user’s personal data. Once it gets in the malware should create a couple of tasks to remain unnoticed by the user and restart the system automatically when needed. It might also a copy of itself on the system and encrypt particular files, e.g. Microsoft Word documents, PDF files, ZIP archives, and so on. At the time the malicious application initiates the encryption process, it might show users a fake system notification claiming the computer’s C: disk needs to be repaired, and it can take hours to do so.

The false notification should appear right after the threat restarts the victim’s computer. It may also instruct the user not to turn off the device because doing so could actually interrupt the infection and save the system from damage. Petya 2017 Ransomware should mark its encrypted files by placing .Locked extension at the end of their titles. Afterward the malware should not lock the screen, but it could replace your Desktop wallpapers to display a ransom note. The note is written not in English, and there are no options to translate the text. It asks the victim to make a payment of 0.8 BTC or approximately $2.127.

The ransom is rather large, and it is entirely possible the malware’s creators may take the money without providing promised decryption tools. Therefore, we advise you not to take any chances and erase the threat at once, although it will not be an easy task. Petya 2017 Ransomware modified Master boot record (MBR) so you could not boot into Windows. It means the computer could be unusable until you fix the MBR. The process might take some time and patience; we will explain it in detail in the first part of the removal guide located below the text.

After completing these steps, you could continue following the other part of instruction to find the malware’s launcher and get rid of the infection for good. Additionally, we would recommend scanning the system with a reputable antimalware tool as there could be threat’s leftovers on the system and to keep it protected there should not be any malicious data on it. In truth, you could use the antimalware tool instead of following the second part of instructions to erase the infection’s data with automatic tools if you prefer it more.

Fix Master boot record (MBR)

Windows XP

  1. Insert Windows XP CD.
  2. Press any key as instructed to boot from the CD.
  3. Press the R key after seeing a screen saying “Welcome to Setup”.
  4. Type 1 and click Enter when asked: “Which Windows installation would you like to log onto?”
  5. Enter your password when required and click Enter.
  6. Type fixmbr when asked: “Are you sure you want to write a new MBR?”
  7. Then press the Y key and click Enter.
  8. Tap Enter again and wait till MBR is fixed.
  9. Take the CD out.
  10. Type exit and click Enter to reboot the device.

Windows Vista

  1. Boot from Windows Vista CD/DVD.
  2. Pick the language and keyboard layout preferences.
  3. Select the Repair your computer option, pick the operating system and click Next.
  4. Choose Command Prompt, type the following commands into it and press Enter after each command:
    bootrec /FixMbr
    bootrec /FixBoot
    bootrec /RebuildBcd
  5. Provided the MBR was fixed you will see a confirmation.
  6. Take out the CD/DVD.
  7. Type Exit and click Enter to reboot the computer.

Windows 7

  1. Insert the Windows 7 DVD.
  2. Press any key as required to boot into the DVD.
  3. Choose language and keyboard layout preferences, then click Next.
  4. Pick the operating system, mark the Use recovery tools that can help fix problems starting Windows option and press Next.
  5. Wait for the System Recovery Options screen and select Command Prompt.
  6. Type in the following commands and click Enter after each one:
    bootrec /rebuildbcd
    bootrec /fixmbr
    bootrec /fixboot
  7. Take out the installation DVD and reboot the PC.

Windows 8/Windows 8.1/Windows 10

  1. Insert the installation DVD or recovery USB.
  2. Select the Repair your computer option.
  3. Pick Troubleshoot and select Command Prompt.
  4. Type the listed commands one by one and click Enter after typing each one of it:
    bootrec /FixMbr
    bootrec /FixBoot
    bootrec /ScanOs
    bootrec /RebuildBcd
  5. Take out the DVD or recovery USB.
  6. Type exit and click Enter.
  7. Restart the system.

Eliminate Petya 2017 Ransomware

  1. Press Windows Key+E.
  2. Navigate to the given paths:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  3. Locate the malware’s launcher and look for its copies.
  4. Right-click the infection’s launcher and its copies separately and press Delete.
  5. Exit your File Explorer.
  6. Empty the Recycle bin.
  7. Restart the system.

In non-techie terms:

Petya 2017 Ransomware can harm the system and make the user unable to boot into Windows as it could modify MBR (Master boot record). Not to mention the malicious application could damage user’s valuable data on the computer, e.g. pictures, photos, documents, archives, and so on. The threat’s creators might promise to give you decryption tools to recover your data, but in exchange, they would ask you to pay a ransom. Instead of putting up with their demands we advise fixing the MBR and removing the infection, even though doing so will not restore encrypted data and perhaps even prevent from doing so. Nonetheless, if you do not want to pay these cyber criminals for a tool, you may never receive we encourage you to follow the removal guide located above and delete this infection at once.