Jul 4, 2017

New Petya Ransomware Virus Asks For $300 Bitcoin to Unlock PC

New Petya Ransomware virus asks For $300 Bitcoin to unlock PC. What should I do? All of my files have been encrypted. They are very important for me, but I don’t have $ 300. Please help me get rid of the virus! It is emergency!

Brief Information of Petya Ransomware Virus

The new Petya ransomware virus attacked laptops in many countries and regions on June 27, 2017 which was a large scale of worldwide cyberattack. As its name, the ransomware takes over the computer screen and demands an amount of money to release. According to the report, the virus is spreading at a rapid speed to attack organizations in Ukraine Russia, Europe, and the United States etc. Among those countries, the Ukraine becomes the epicenter of the damage. Almost 60% of the infected laptops are located in Ukraine. Just like the WannaCry ransomware, it is able to spread quickly via the Network in a short time. According to the research, the Petya ransomware can go further than its developer designed. Once the virus is released, it may be out of control. So far, many users lost files and money.

How Petya Ransomware Virus Works?

The Petya Ransomware virus has been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use. This is why Ukrainian government and many other organizations and schools have been attacked. The cyber criminals make use of the EternalBlue vulnerability in Microsoft Windows or through two Windows administrative tools. Though Microsoft has released a patch, but not everyone noticed and installed it. The ransomware virus mainly targets on official document, business files and other precious data to make sure that the victims will pay the ransom.
Sometimes, the Petya ransomware virus encrypts your files silently and quickly. You will not know about that until you can’t open the files. It tells that your files have been encrypted and you have to pay $ 300 in Bitcoin to have the files back. Sometimes, you can see the process while the virus tells you that it is repairing the system. If you see the repairing process with the black background, you have to turn off the computer. Your files will not be encrypted if you stop it in time.
If your computer system reboots with the ransom note, don’t pay the ransom as it requires. Most ransomware viruses under the radar collect payouts quietly from organizations and persons who are eager to get their data back and decrypt files on infected system as payments come in. However, it seems that the Petya is incapable of decrypting the infected computer. The email address provided on the ransomware note has been shut down once the note appears. Therefore, there’s no way to get the decryption key to unlock your files anyway. We suggest you disconnect your computer from the internet and remove the Petya Ransomware virus as soon as possible.
The massive ransomware attack was started for money. The hackers collect money by making people pay ransom and stealing valuable information. Though there was something wrong with the payment system, the Petya ransomware virus was still collecting credentials and other data from infected computer, which could be valuable fodder for future attacks. Your sensitive information and data are at considerable risk.

New Petya Ransomware virus asks For $300 Bitcoin to unlock PC. How to remove Petya Ransomware virus?

Manual Removal Guides:

Removing the Petya Ransomware virus seems to be difficult for ordinary computer users, even those famous antivirus programs cannot do that successfully. Hence, manual removal can ensure that the stubborn virus will be gone completely. As mentioned above, manual removal needs professional knowledge, because the lack of experience may cause errors resulting in some other unpredictable problems. The following guide provides a general concept of the removal. You may not be able to find out some certain files for the virus can be changed. If you fear the loss of important data, please consider making a backup before starting the removal.

1. Restart the Infected Computer into Safe Mode with Networking

(* Usually the malware will be temporarily disabled in Safe Mode which will provide users a chance to get this problem fixed. If you are still getting the virus popup in safe mode with networking, please try safe mode with command prompt instead.)

Restart your computer, immediately, quickly and repeatedly hit F8 key before the Windows start-up screen shows. Select “Safe Mode with Networking”, and then press Enter key.

2. Stop the Processes Related to the Petya Ransomware virus in Windows Task Manager

Press Ctrl+Shift+Esc keys together and end the virus processes in the Processes tab of Windows Task Manager.

3. Show Hidden Files

(1). Press Win+R to get Run window

(2). Type Control Panel in the Run window and hit enter to get Control Panel

(3). Click on Appearance and Personalization

(3). Click on Folder Options

(4). Click on View tab in Folder Options window

(5). Tick Show hidden files, folders, and drives under Hidden files and folders tab

(6). Click Apply to take effect, then click OK at the bottom of the Folder Options window

4. Delete Virus Files

(1). Using Registry Editor to delete or adjust all the related registry entries of Petya Ransomware virus.

*Guides to open Registry Editor:

Press Win+R key together to get the Run box, type in ‘regedit’ then click OK, Registry Editor window will pop up

(2). Find out and remove the associated files of this fake Antivirus

Video Shows You How to Safely Modify Windows Registry Editor:


There is no doubt that the Petya ransomware virus is very nasty and aggressive. It encrypts your important files after it sneaks into the system. It is a huge loss if the virus attacks government, school and other important organization. Though the experts have been trying to decrypt the infected computers in the past few days, it is still almost impossible to take the files back. That means you can’t take your precious files back so far once they have been encrypted. Some of you may try to pay $ 300 in Bitcoin because the files are very important. However, how will you contact the hackers after you make the payment. The provided email address can’t help you deliver your message. How can you make sure that they will decrypt your files? The most important for you now is to get rid of the Petya ransomware virus before it encrypts more files to avoid more loss. Besides, we suggest you back up your files regularly. The ransomware virus is changing all the time. It becomes more and more aggressive and powerful. It is very necessary to protect your files well.

Can’t remove the virus and are afraid of making any critical mistakes damaging your computer? please contact YooCare Expert for further removal help.

Published by & last updated on July 4, 2017 2:51 am

Leave a Reply

Your email address will not be published.

Problems with your PC, Mac or mobile device?

Live Chat Now

Thanks for using YooCare Services!

Here're some of the support team members who are passionate about their works and support our customers 24/7.

As Seen On