Petya Ransomware Removal and Protection


To remove Petya ransomware: switch off the power supply, disconnect the network, block ports 445/139, back up key files, and install the Windows March patch MS17-010.


  • Category - Customer Care/Customer Care

  • Submitted By - Helen Green

  • Submitted on - 2018-03-23 08:39:55


Yes, ransomware came back again on June 27, 2017! This is the third virus of the last two months (the first two are WannaCry and EternalRocks; some people may regard it as the second because they do not count EternalRocks, given its small influence). It seems this is a season for seeding ransomware.

About Petya Malware

Petya, also called Petna or Pneytna (tongue-in-cheek names) or GoldenEye, is another piece of ransomware that spreads through networks by exploiting the Windows EternalBlue vulnerability and demands $300 in Bitcoin. Many organizations in Europe and the US have been infected and had their data encrypted, including advertiser WPP, food company Mondelez, legal firm DLA Piper and Danish shipping & transport firm Maersk. It looks very much like WannaCry but actually is not. Compared with WannaCry, it has pros and cons.

Pros: Petya attacks computers not only through the Windows EternalBlue vulnerability but also through two Windows administrative tools (PSEXEC or WMIC). It tries one option first; if that does not work, it tries the other. It has a better spreading mechanism than WannaCry.

Cons: A stupid payment mechanism. Petya creates the same payment address for all victims, which can be traced. It also asks victims to communicate with the hackers via a single email address, which has already been suspended by the email provider. (So do not pay the money if you are affected, because you cannot even contact the attackers now.)

Petya has clearer targets: large companies or organizations. It is said that the virus was seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use. As a result, most victims are Ukrainian organizations, including state power utilities, government and banks. It spreads internally within networks but not externally. This spreading mechanism also makes Petya easier to contain.

How Does Petya Malware Infect Your Computer?

Once it gets on your computer, it waits 10 - 60 minutes (randomly) before it starts encrypting your data. To encrypt the computer's files, it first reboots the computer. Therefore, while it is restarting the computer, switch off the power and disconnect from the Internet; this way you can achieve Petya ransomware removal.

If you missed the chance to power off your machine and it rebooted successfully, Petya will check for the read-only file C:\Windows\perfc.dat. If it finds this file on your computer, it will not encrypt personal files. Though this is not 100% certain to work, you can try creating this file among your system files to avoid the attack.

Petya Ransomware Removal

If you are already infected by Petya and your crucial files are encrypted, you can try some antivirus software to fix the infection. Or you can first rescue your data by backing it up or moving it out while booted from rescue bootable media.

To create bootable media (a bootable USB drive is recommended because it is convenient to move between computers), first find an available USB drive that has no important data on it, or whose crucial data has been backed up, and insert it into an unaffected computer.

1. Download, install and open AOMEI Backupper Free (especially for ransomware WannaCry) on the unaffected machine. When it opens, select “Create Bootable Media” in its window.

2. The program will then check whether your current system supports creating a bootable device. Most operating systems qualify. If yours does not, it may require you to download Windows ADK/AIK; just follow its instructions to make the operating system qualify.

3. Choose “USB Bootable Device” and click “Next”.

4. Wait for it to finish and pull out the USB flash drive.

Tip: While making the bootable USB, AOMEI Backupper Free is packed into the bootable device. You can then use it directly to carry out Petya ransomware removal after the infected computer has been booted from the USB drive.

5. Connect the bootable USB to the infected machine and reboot it manually. Before it restarts into its own system, enter the BIOS, change the boot sequence and let it boot from the USB.

6. When it successfully boots from the USB disk, AOMEI Backupper Free will automatically pop up. Select “I Want to Backup Data” to go on.

7. Choose “File Backup” to continue. You can also select “Partition Backup” if you want the whole partition's data and it is a non-system partition.

8. Choose all the files you want to move off the infected computer.

9. Connect an external storage device (e.g. another USB drive) to the infected computer as the backup destination. You may also save the backup image to the bootable USB device.

10. Click “Start Backup” and wait for it to complete. Then pull out both the bootable USB and the external storage holding the image. Next, you may restore the backed-up files to a working computer to seek further Petya ransomware decryption.

How to Protect Yourself from Petya Ransomware Virus?

Since Petya spreads through the Windows EternalBlue vulnerability and two Windows administrative tools, we can prevent infection by taking the following actions, similar to those used to defend against WannaCry.

1. Disconnect the network and block ports 445/139 (Control Panel > Advanced settings > Inbound Rules > New Rule > Port > Specific local ports: 445/139 > Block the connection > Next > Finish) to avoid further infection.

2. Make a backup of your key files to an external device, network share, NAS or cloud drive. You can still make use of AOMEI Backupper Free to do the backup work here.

3. Get reliable antivirus software to detect and protect against future attacks by Petya, such as Windows Defender Advanced Threat Protection, Symantec and Kaspersky, which claim to have been updated to be capable of spotting the cyber attack.

4. Install the vulnerability patch released by Microsoft in March and keep Windows up to date.

5. Form a good habit of avoiding unsafe websites.

Conclusion and Warning

According to some security researchers, Petya is just a destructive program, aimed particularly at the Ukrainian government, that masquerades as ransomware. This makes me unable to help thinking further: if someday today's terrorists attack with cyber weapons (ransomware, malware, viruses, Trojans, etc.) instead of real weapons (like guns, bombs and knives), what would it be like? No human beings would be physically injured, but great financial losses would be caused, public service systems would be paralyzed, secret documents would be leaked, etc. What should we do at that moment?

Antivirus work is not only the task of government network security centers or network operators, but also the duty of every netizen. To create a safe and clear network environment, everyone is included!
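
The two host-level measures described above (the read-only C:\Windows\perfc.dat file and the inbound block on ports 445/139) can be checked and applied from PowerShell. This is an added example, not part of the original article or of any vendor tool. It assumes an elevated session on Windows 8 / Server 2012 or later and TCP as the protocol; the -Apply switch, function names and rule names are chosen for this example.

```powershell
# Added example (not from the original article). Run elevated; the NetSecurity
# and NetTCPIP cmdlets used here ship with Windows 8 / Server 2012 and later.
param(
    [switch]$Apply,                                 # without -Apply: report only
    [string]$MarkerPath = 'C:\Windows\perfc.dat',   # file named in the article
    [int[]]$Ports = @(445, 139)                     # ports named in the article
)

function Test-PerfcMarker {
    param([string]$Path, [switch]$Fix)
    if ($Fix -and -not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType File -Path $Path | Out-Null      # empty marker file
    }
    $file = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($Fix -and $file -and -not $file.IsReadOnly) { $file.IsReadOnly = $true }
    $file = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue  # re-read
    [pscustomobject]@{
        Check   = "Read-only marker $Path"
        InPlace = [bool]($file -and $file.IsReadOnly)
    }
}

function Test-InboundBlock {
    param([int]$Port, [switch]$Fix)
    $name = "Block inbound TCP $Port (added example rule)"  # hypothetical name
    $rule = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if ($Fix -and -not $rule) {
        $rule = New-NetFirewallRule -DisplayName $name -Direction Inbound `
            -Protocol TCP -LocalPort $Port -Action Block
    }
    # A listener on the port shows what the rule is shielding on this host.
    $listening = [bool](Get-NetTCPConnection -LocalPort $Port -State Listen `
            -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Check   = "Inbound TCP $Port blocked (service listening: $listening)"
        InPlace = [bool]($rule -and ($rule.Enabled -eq 'True'))
    }
}

# A block rule has no effect on a profile where Windows Firewall is off.
$off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }

$results  = @(Test-PerfcMarker -Path $MarkerPath -Fix:$Apply)
$results += $Ports | ForEach-Object { Test-InboundBlock -Port $_ -Fix:$Apply }
$results += [pscustomobject]@{
    Check   = 'Windows Firewall enabled on all profiles'
    InPlace = -not $off
}
$results | Format-Table -AutoSize
```

Blocking inbound 445/139 also stops the machine from serving file and printer shares, so run it with -Apply on workstations and exempt servers that must offer SMB.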
