Petna Ransomware can be described as a lethal computer virus – ransomware. The main goal of it is to steal your important files and then ask you to pay a certain amount of money to get them back. And by ‘stealing’ we mean encrypting – adding an extension to the end of the name of every single file and making them unavailable this way.
While most of ransomware infections are distributed as an attachment to spam emails, this one is different and way too dangerous – it can infect your computer remotely, without you even doing anything wrong. Petna Ransomware is distributed using the EternalBlue exploit – Windows operating system has a vulnerability and cyber criminals are the ones to take advantage of it. Windows OS can be tricked and accept special packets of ‘updates’ and while you think that your system is being repaired or updated, the virus uses Master Boot Record (MBR) and infects your computer.
The processes of this virus looks like this – it infects and restarts the computer immediately, then modifies MBR and starts creating tasks to imitate the process of computer repair – the system is set to restart at fixed periods of time and display a message in-between that says:
WARNING: DO NOT TURN OFF YOUR PC! IF YOU ABORT THIS PROCESS, YOU COULD DESTROY ALL OF YOU DATA! PLEASE ENSURE THAT YOUR POWER CABLE IS PLUGGED IN!
This whole process is completely fake – it’s just a way to trick users and distract from the idea of turning of the computer. During that time, Petna Ransomware scans files stored on the hard drive and locks most of them. It can lock files of various file type, such as.3ds, .7z, .accdb, .ai, .asp, .aspx, .avhd, .ovf, .pdf, .php, .pmf, .ppt, .pptx, and .pst and much more. Basically, it can corrupt most of your important files like pictures or text documents. Once this is done, your PC will restart one more time and you will be displayed a screen with a skeleton on it and a suggestion to ‘press any key’. Immediately after that you will see a screen lock with instructions what to do and it looks like this:
You are asked to pay a ransom in Bitcoins in order to receive the key that would allow you to unlock files. In addition to that, you are threatened that if you fail to pay the ransom within 7 days, it would be doubled. However, we do not recommend to pay the ransom because even if you do so, there are no guarantees that you will receive your files. In addition to that, you would support cyber criminals this way and that’s not a good thing to do.
This ransomware is just a different version of Petya Ransomware, yet it features some similar traits. If your files are infected by this virus, you might try to encrypt them with Leostone tool.
In case you are wondering how to protect your system from infection like this, you need to update your Windows operating system (if it is not already updated). We have already mentioned that ransomware from Petya family enters system by using vulnerability where SMBv1 server of Microsoft Windows accepts files remotely from unknown sources. To fix this, you should run a newest Windows Update or download and instal MS17-010 patch.
Petna Ransomware quicklinks
- Automatic Malware removal tools
- How to recover Petna Ransomware encrypted files and remove the virus
- Step 1. Restore system into last known good state using system restore
- 1. Reboot your computer to Safe Mode with Command Prompt:
- 2.Restore System files and settings.
- Step 4. Use Data Recovery programs to recover Petna Ransomware encrypted files
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
How to recover Petna Ransomware encrypted files and remove the virus
Step 1. Restore system into last known good state using system restore
1. Reboot your computer to Safe Mode with Command Prompt:
for Windows 7 / Vista/ XP
- Start → Shutdown → Restart → OK.
- Press F8 key repeatedly until Advanced Boot Options window appears.
- Choose Safe Mode with Command Prompt.
for Windows 8 / 10
- Press Power at Windows login screen. Then press and hold Shift key and click Restart.
- Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
- When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.
2.Restore System files and settings.
- When Command Prompt mode loads, enter cd restore and press Enter.
- Then enter rstrui.exe and press Enter again.
- Click “Next” in the windows that appeared.
- Select one of the Restore Points that are available before Petna Ransomware has infiltrated to your system and then click “Next”.
- To start System restore click “Yes”.
Step 2. Complete removal of Petna Ransomware
After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter and remove all malicious files related to Petna Ransomware. You can check other tools here.Step 3. Restore Petna Ransomware affected files using Shadow Volume Copies
If you do not use System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files that point of time when the system restore snapshot was created. Usually Petna Ransomware tries to delete all possible Shadow Volume Copies, so this methods may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer. a) Native Windows Previous Versions Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace existing, encrypted file. If you want to see the content of file first, just click Open.b) Shadow Explorer It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. On the left top corner select the drive where the file you are looking for is a stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.
Step 4. Use Data Recovery programs to recover Petna Ransomware encrypted files
There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:- We suggest using another PC and connect the infected hard drive as slave. It is still possible to do this on infected PC though.
- Download a data recovery program.
- Install and scan for recently deleted files.