What is Petya?

Petya is a type of ransomware that has been active since at least March 2016. It differs from other ransomware in that, rather than encrypting file after file, it blocks access to the entire hard drive by encrypting the master file table (MFT), so that the file system becomes unreadable and Windows won’t boot at all. Some versions, however, encrypt both the files and the MFT. Either way, you can’t access what’s yours.

Typically, the ransomware has targeted HR departments in public agencies and private companies with fake job applications sent by email and containing a Dropbox download link. This link downloads an .exe file that proceeds to encrypt the victim’s computer and block access to it unless (or so the attackers claim) the victim agrees to pay a predetermined amount in bitcoins. In March 2017, a new ransomware strain called PetrWrap emerged. It contained a patched version of the original Petya with several modifications.

Who is Petya targeting?

Petya is believed to be behind the massive ransomware attack that affected companies and organizations across the world in late June 2017. The most affected country in that attack was Ukraine, with the Kiev metro, the Ukrainian National Bank and several airports as some of its highest profile targets. Many multinational companies also reported being affected, such as Nivea, Maersk, WPP or Mondelez.

Where does Petya come from?

At this point in time, nobody really knows for sure. Companies and institutions all over the world (Russia, the United Kingdom, India, etc.) have been affected, and right now it’s not possible to pinpoint Petya’s exact geographical origin.

How to recognize Petya ransomware?

When the victim clicks on the malicious .exe file they received as part of their download, the first clue that something is not right comes in the form of a Windows ‘blue screen of death’. By then, Petya has started encrypting the master file table. It will then display a warning screen, often a skull on a red background, and a message demanding payment in bitcoins in exchange for returning access to the victim’s PC.

How to remove Petya ransomware?

Avast antivirus technology detects and removes Petya ransomware, as well as other kinds of malware. If your PC is infected with Petya, our antivirus will detect it, quarantine it and destroy it. If it detects Petya is trying to enter your computer, it will block it from getting in.

Unfortunately, there is no reliable Petya decryptor that works to recover files that have already been encrypted by the latest versions of Petya. This is why prevention is essential.

How to prevent Petya ransomware?

Petya managed to spread so far and wide, and at such speed, by exploiting Windows’ EternalBlue vulnerability. It is essential that you keep your Windows system updated with the latest security patches to prevent malware like Petya from sneaking into your system.

Once your files are encrypted, there is nothing you can do to get them back. Even submitting to the attackers’ criminal demands for payment would not guarantee that your files will be decrypted — they can just as easily take your money and run. Your best bet, therefore, is to stop Petya from getting into your PC in the first place.

Having an up-to-date antivirus installed on your PC is your first line of defense. Good online safety practices, such as never opening suspicious email attachments even if you know and trust the sender, can go a long way in keeping you and your data secure. If it looks or feels off, don’t risk it.

Use anti-malware to protect yourself

Petya is just one of the many strains of ransomware out there, and ransomware itself is only one of many kinds of malware that can harm your PC, your data and your security online. If you are looking for a thorough and comprehensive malware removal and prevention tool, Avast has got you covered, from the essential protection of our Free Antivirus to the advanced security and performance features of Avast Premier.

Why Avast?
  • Consistently rated “excellent” by industry experts
  • Trusted by 400 million people worldwide
  • It’s the “Antivirus with the lowest impact on PC performance” (AV-Comparatives)
  • Best features: unbreakable password security, home network protection, browser cleaning and much more
  • All for FREE