Petya Ransomware DescriptionType: Ransomware
The Petya Ransomware is used to take over the victims' computers, encrypting their files and then demanding the payment of a ransom to restore the affected files. The Petya Ransomware is just one of countless ransomware attacks that have appeared in 2016 so far. There are diverse reasons for the rise in ransomware infections like the Petya Ransomware. Some of these include the release of TeslaCrypt 3.0, which fixed a bug that allowed malware researchers to create a decryption utility, and the rise of the RaaS (Ransomware as a Service) industry, which allows fraudsters to create and deliver ransomware threats easily. The Petya Ransomware presents a real threat to a computer user, making the encrypted files inaccessible until the victim pays the ransom. In the best of cases, the victims of the Petya Ransomware can restore their files from a backup after wiping the affected hard drive completely. Because of this, the best protection against the Petya Ransomware and similar threats is always to maintain reliable backups of all files.
How can You be Attacked by the Petya Ransomware and Similar Encryption Ransomware Trojans
It is not hard to predict how the Petya Ransomware attack works; most ransomware Trojans follow the same basic strategy (and in many cases, share a majority of their codes). The Petya Ransomware may be delivered using corrupted email messages containing embedded links or compromised email attachments. When computer users open these attached files, the Petya Ransomware runs in the background, scanning the victim's hard drive in search for any files with extensions matching a list of file extensions contained in its configuration files. By only targeting a specific set of file extensions, threats like the Petya Ransomware can encrypt the victim's files but still allow the affected computer to continue functioning and display the Petya Ransomware's ransom note. The following are some examples of file formats that the Petya Ransomware and similar ransomware threats target (new file extensions may be added to this list in each new update):
.7z; .rar; .m4a; .wma; .avi; .wmv; .csv; .d3dbsp; .sc2save; .sie; .sum; .ibank; .t13; .t12; .qdf; .gdb; .tax; .pkpass; .bc6; .bc7; .bkp; .qic; .bkf; .sidn; .sidd; .mddata; .itl; .itdb; .icxs; .hvpl; .hplg; .hkdb; .mdbackup; .syncdb; .gho; .cas; .svg; .map; .wmo; .itm; .sb; .fos; .mcgame; .vdf; .ztmp; .sis; .sid; .ncf; .menu; .layout; .dmp; .blob; .esm; .001; .vtf; .dazip; .fpk; .mlx; .kf; .iwd; .vpk; .tor; .psk; .rim; .w3x; .fsh; .ntl; .arch00; .lvl; .snx; .cfr; .ff; .vpp_pc; .lrf; .m2; .mcmeta; .vfs0; .mpqge; .kdb; .db0; .DayZProfile; .rofl; .hkx; .bar; .upk; .das; .iwi; .litemod; .asset; .forge; .ltx; .bsa; .apk; .re4; .sav; .lbf; .slm; .bik; .epk; .rgss3a; .pak; .big; .unity3d; .wotreplay; .xxx; .desc; .py; .m3u; .flv; .js; .css; .rb; .png; .jpeg; .txt; .p7c; .p7b; .p12; .pfx; .pem; .crt; .cer; .der; .x3f; .srw; .pef; .ptx; .r3d; .rw2; .rwl; .raw; .raf; .orf; .nrw; .mrwref; .mef; .erf; .kdc; .dcr; .cr2; .crw; .bay; .sr2; .srf; .arw; .3fr; .dng; .jpeg; .jpg; .cdr; .indd; .ai; .eps; .pdf; .pdd; .psd; .dbfv; .mdf; .wb2; .rtf; .wpd; .dxg; .xf; .dwg; .pst; .accdb; .mdb; .pptm; .pptx; .ppt; .xlk; .xlsb; .xlsm; .xlsx; .xls; .wps; .docm; .docx; .doc; .odb; .odc; .odm; .odp; .ods; .odt.
The Petya Ransomware searches for the above files and then encrypts them using an AES encryption algorithm (in its ransom message, the Petya Ransomware claims that it has used 'military grade' encryption to make it sound scarier). The Petya Ransomware delivers a variety of ransom notes in the form of dropped image, text and HTML files. The Petya Ransomware also displays pop-up messages, redirects the affected Web browser to a ransom note Web page, and changes the victim's Desktop image into the ransom note. The ransom note alerts the victims about the attack and instructs them to visit a certain Darknet website to carry out the payment through anonymous methods such as BitCoin or PaySafeCard. PC security analysts advise computer users to avoid paying the Petya Ransomware's ransom since this allows the people responsible for the Petya Ransomware to finance their illicit activities and continue producing these threats.
File System Details
|#||File Name||MD5||Detection Count|
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.