What is Petya Ransomware, and Why is it so Dangerous?


It reared its ugly head in 2016, and a Petya-based ransomware attack resurfaced in June 2017. The Petya ransomware follows the same principle as the rest of its ilk — pay up the ransom these criminals demand, or lose access to your personal files — but unlike other kinds of ransomware that encrypt your files one by one, this one goes after your whole hard drive.


What is Petya?

Petya is a type of ransomware that has been active since at least March 2016. It’s different from other ransomware in that, rather than encrypting file after file, it stops access to the entire hard drive by encrypting the master file table (MFT) so that the file system becomes unreadable and Windows won't boot at all. Having said that, some of its versions encrypt both files and MFT — bottom line is, you can’t access what’s yours.

    Typically, the ransomware has targeted HR departments in public agencies and private companies with fake application emails containing a Dropbox download link. This link downloads an .exe file that proceeds to encrypt the victim’s computer and block access to it unless (or so the attackers claim) the victim agrees to pay a predetermined amount in bitcoins. In March 2017, a new ransomware strain called PetrWrap emerged. It contained a patched version of the original Petya with several modifications.

    Who is Petya targeting?

    Petya is believed to be behind the massive ransomware attack that affected companies and organizations across the world in late June 2017. The most affected country in that attack was Ukraine, with the Kiev metro, the Ukrainian National Bank and several airports as some of its highest profile targets. Many multinational companies also reported being affected, such as Nivea, Maersk, WPP or Mondelez.

    Where does Petya come from?

    At this point in time, nobody really knows for sure. Companies and institutions all over the world (Russia, the United Kingdom, India, etc.) have been affected, and right now it’s not possible to pinpoint Petya’s exact geographical origin.

    How to recognize Petya ransomware?

    When the victim clicks on the malicious .exe file they received as part of their download, the first clue that something is not right comes in the form of a Windows ‘blue screen of death’. Petya has started encrypting the master file table and will now display a warning screen (often a skull projected onto a red background) and a message demanding payment in bitcoins in exchange for returning access to the victim’s PC.


    How to remove Petya ransomware?

    Avast antivirus technology detects and removes Petya ransomware, as well as other kinds of malware. If your PC is infected with Petya, our antivirus will detect it, quarantine it and destroy it. If it detects Petya is trying to enter your computer, it will block it from getting in.

    Unfortunately, there is no reliable Petya decryptor that works to recover files that have already been encrypted by the latest versions of Petya. This is why prevention is essential.

    How to prevent Petya ransomware?

    Petya managed to spread so far and wide, and at such speed, by exploiting the Windows vulnerability targeted by the EternalBlue exploit. It is essential that you keep your Windows system updated with the latest security patches to prevent malware like Petya from sneaking into your system.

    Once your files are encrypted, there is nothing you can do to get them back. Even submitting to the attackers’ criminal demands for payment would not guarantee that your files will be decrypted — they can just as easily take your money and run. Your best bet, therefore, is to stop Petya from getting into your PC in the first place.

    Having an up-to-date antivirus installed on your PC is your first line of defense. Good online safety practices, such as never opening suspicious email attachments even if you know and trust the sender, can go a long way in keeping you and your data secure. If it looks or feels off, don’t risk it.

