Home » New Updates » How to Remove Petya Ransomware

Petya is a horrible ransom agent which encrypt your data and dpesn’t let you to access them until you decrypt them using a decryption key. It ask you to pay 0.9 Bitcoins or approximately US$380 in exchange of your file decryption. Often ransomware encrypt files, but this ransomware encrypts Master File Table on your hard drive and make even the entire device inaccessible And to decrypt your hard drive, it demands a good amount that you need to pay using specified payment websites.

Usually, Petya virus get installed on your computer along with the other malware infection, virus, or Trojan which remain bundled with free software programs offered by third-party vendors. It makes the uses of the flaws on your system as its entry point remain hidden to the most antivirus applications. It’ so powerful infection that once it gets there on the PC, it disables the running security program.

Petya may deny you to access your specific security program and their corresponding web pages if you want to download any such tool and utility in order to clean Petya ransomware. It also alters the desktop screen with a skull made with ASCII symbols and this screen has the instruction to purchase a key using a download link. This screen has the proper instructions to decrypt the hard drive.

Petya Randsome

If you’re system has got viruses and malware, System Restore of Windows may help you however, this action will not work to settle encrypted files’ problems. If your computer is running on Windows Vista/7 or later, perhaps ‘Previous Versions’ may help restore files from backup.

Important Note:

Different anti-malware and anti-virus applications may detect this infection with different manes or pattern according to its own pattern like Win32/Petya or Win64/Petya

How to Remove Petya Ransomware

As Ransomware files locate themselves deep into the system at multiple locations which are often not noticeable by the computer users. So it’s not enough for the scanning tool to detect such infection and remove it. To remove petya ransomware, you need a powerful virus removal software which can’t not only detect but also remove it from the registry.

Although it’s almost impossible to decrypt affected files because of the complexity of the encryption, but still there is a hope with methods like Shadow Explorer or Previous Version to recover your files. Therese methods are described below.

Stage 1: Scan the Computer with defencebyte AntiVirus Pro

Step 1

  1. Download the tool to scan for the malware
  2. Select appropriate version for your Windows System and save the file to a suitable location, preferably on Desktop.
  3. After the file is downloaded, Windows will prompt about its completion. Now click on the Run button to start the program. Otherwise, you can browse the location folder and double click on the file defencebyteAVPro.exe
  4. Once the installation starts, you must keep following the prompts to keep up with the installation process. Also make sure you don’t make any changes to default settings. The user must leave defencebyte AntiVirus Pro checked after the program has finally installed onto your system. Lastly press the Finish. If defencebytes prompts you to reboot the system, it is advised not to do so.
  5. defencebyte AntiVirus Pro will now begin and it will appear on your screen. Now there will be Scan button, click on that.

Note:  In case any update regarding defencebyte is available, the download and installation will automatically take place before performing the scan function.

  1. defencebyte AntiVirus Pro will now begin with the scanning your system for any kind of ransomwre, viruses, or malwares present in your computer. This step could take a while so you are requested to work on something else and keep checking up on the status from time to time.
  2. The ransomware, viruses, or malware will show up on your screen after defencebyte AntiVirus Pro is finished with scanning.
  3. Now the user need to press the Clean Now button to delete all the malware that showed up. While performing this step, defencebyte might require a reboot to be able to delete some of them. Please allow the reboot to take place if it appears on the screen. Please follow the onscreen steps to continue after the system has been rebooted and the user is logged in.
  4. You can now close defencebyte AntiVirus Pro.

It can be quite a task to get rid of Petya ransomware so follow the stage 2 instructions.

Stage 2: Remove leftover with Microsoft’s Malicious Software Removal Tool.

Follow the onscreen instructions for successful installation of the program and remove Petya’s remaining traces.

Otherwise you’ve three more options to try out to recover or decrypt your files.

Option 1: Windows Previous Version Tool

Microsoft has embedded a feature called Previous Versions in Windows Vista and Windows 7, but this tool will be beneficial if you have already made restore point to Petya virus infection. Follow the below written steps to use this tool and recover files affected by this ransomware:

  1. Open My Computer or Windows Explorer.
  2. Right-click on the affected folders or files. Scroll through the list and click on Restore previous versions.
  3. New window will display all backup copy of files and folders that you wanted to recover. Select the appropriate file and click on Open, Copy, or Restore. Restoring the files option overwrites the current encrypted files on the computer.

Option 2: Use ShadowExplorer to restore files which are encrypted by ransomware

It’s like Previous Version tool, which take advantage of shadow copy created by Windows. This tool let the computer user to retrieve older version of files before they were encrypted by ransomware.

  1. Go to the official web site of ShadowExplorer to download it.
  2. Install the program with the default settings.
  3. After installation, the program will run automatically and if it doesn’t, double-click on ShadowExplorer icon.
  4. On top of the console there will be drop-down list, from here please select proper drive and the most recent point-in-time shadow copies of files or folders that you want to restore prior to Petya infection.
  5. Now right-click on the Drive, Folder, or File you wish to restore and click Export…
  6. As soon as you click on export button, ShadowExplorer prompts to choose a location where you want to save the copy of recovered files. 

Option 3: Use Petya Sector Extractor Tool

There is a tool made to decrypt Peyta encrypted files developed by certain Fabian Worsar. It’s known as Petya Sector Extractor tool. To make the use of it, what you need to do is just take out the infected drive and attached it to an uninfected and working computer. Now download and run the tool to scan the drive and this step may provide you necessary details to decrypt the hard drive.