Typically, the ransomware has targeted HR departments in public agencies and private companies with fake applications sent by email that contain a Dropbox download link. This link downloads an .exe file that proceeds to encrypt the victim’s computer, locking access to it unless (or so the attackers claim) the victim agrees to pay a predetermined amount in bitcoins. In March 2017, a new ransomware strain called PetrWrap emerged, containing a patched version of the original Petya with several modifications.
Who is Petya targeting?
Petya is believed to be behind the massive ransomware attack that affected companies and organizations across the world in late June 2017. The most affected country in that attack was Ukraine, with the Kiev metro, the Ukrainian National Bank and several airports as some of its highest profile targets. Many multinational companies also reported being affected, such as Nivea, Maersk, WPP or Mondelez.
Where does Petya come from?
At this point in time, nobody really knows for sure. Companies and institutions all over the world (Russia, the United Kingdom, India, etc.) have been affected, and right now it’s not possible to pinpoint Petya’s exact geographical origin.
How to recognize Petya ransomware?
When the victim clicks on the malicious .exe file they received as part of their download, the first clue that something is not right comes in the form of a Windows ‘blue screen of death’. Petya has started encrypting the master file table and will now display a warning screen, often a skull projected onto a red background, and a message demanding payment in bitcoins in exchange for returning access to the victim’s PC.
How to remove Petya ransomware?
Avast antivirus technology detects and removes Petya ransomware, as well as other kinds of malware. If your PC is infected with Petya, our antivirus will detect it, quarantine it and destroy it. If it detects Petya is trying to enter your computer, it will block it from getting in.
Unfortunately, there is no reliable Petya decryptor that works to recover files that have already been encrypted by the latest versions of Petya. This is why prevention is essential.
How to prevent Petya ransomware?
Petya managed to spread so far and wide, and at such speed, by exploiting the EternalBlue vulnerability in Windows. It is essential that you keep your Windows system updated with the latest security patches to prevent malware like Petya from sneaking into your system.
Once your files are encrypted, there is nothing you can do to get them back. Even submitting to the attackers’ criminal demands for payment would not guarantee that your files will be decrypted — they can just as easily take your money and run. Your best bet, therefore, is to stop Petya from getting into your PC in the first place.
Having an up-to-date antivirus installed on your PC is your first line of defense. Good online safety practices, such as never opening suspicious email attachments even if you know and trust the sender, can go a long way in keeping you and your data secure. If it looks or feels off, don’t risk it.