How to Recover Files Encrypted by Petya Ransomware?

by Gabriel E. Hall - -

Question

Issue: How to Recover Files Encrypted by Petya Ransomware?

Please help! My all files were encrypted by Petya ransomware, and I haven’t heard about any decryption tools so far. Does this mean that it is impossible to decrypt files encrypted by Petya? Needless to say, these records mean the world to me…

Solved Answer

Decrypt Petya Ransomware

Petya is a file-encrypting virus that belongs to ransomware category. It first emerged in 2016; however, it attracted the most media attention after the 2017 cyber attack that primarily targeted Ukraine.

According to experts, the cyber criminals used the same Windows SMBv1 vulnerability that the infamous WannaCry ransomware used. Microsoft has already patched the vulnerability, however, many computer users failed to install the update in time. Petya ransomware encrypts all files on the system and demands $300 from the victim, promising to provide the decryption key in return.

The ransomware has compromised computer networks of companies such as “Rosneft” (Russian oil giant), “Kyivenergo,” “Ukrenergo,” National Bank of Ukraine, Oschadbank, and many others.

However, we must point out that Petya virus that was used in 2017 cyber attack slightly differs from the previous and original virus’ versions. After the Petya-based ransomware outbreak in June, the author of the original Petya variants known as Janus released the master decryption key, which now can be used to decrypt files locked by Red Petya, Green Petya, and Mischa. Using the published key, a security researcher known as Hasherezade has created a free decryption tool.

According to the researcher, certain Petya versions function in a slightly different way. The virus either encrypts Master File Table or cripples all files on the computer like a traditional ransomware virus. Luckily, there is no difference which method the virus used on your computer – the Petya Decryptor works for both cases.

Before you start decrypting your files, we must warn you to create an extra backup of the encrypted data and store it somewhere safe. The reason why we advise doing so is that the virus may hang during the data recovery procedure, and that can cause permanent damage to encrypted files.

Recover Files Encrypted By Petya Ransomware For Free

Recover now! Recover now!
To recover needed system components, please, purchase the licensed version of Reimage Reimage recovery tool.
  1. Find the ransom note that the ransomware left of your computer. It should be called YOUR_FILES_ARE_ENCRYPTED.TXT. Copy the personal decryption code (a lengthy set of numbers and letters).
  2. Now, create a text file on your desktop. Simply right click anywhere on the screen and choose New > Text Document.
  3. Name the file as id (the full filename should be id.txt), open it and paste the personal decryption code in the file. Click File > Save.
  4. Now download and launch the key decryptor to decrypt victim’s ID.
  5. Copy the decrypted key and download Mischa or GoldenEye decryptor.
  6. Open the ransomware decryptor and click select to select one encrypted file from your PC.
  7. Paste the decryption key you just obtained. Repeat it to confirm. You might want to select the Backup encrypted files option. Click Decrypt.
  8. Now, check if the file was successfully decrypted. If yes, then use the same decryption key for all encrypted files. You can shorten the process by giving the decryptor the extension that the ransomware appended to all your files. The decryption tool will automatically find all encrypted files.

Optional: You can use an ISO file to read the victim’s ID from the encrypted computer. You can download it here. Launch the program and follow the provided instructions.

To remove remains of ransomware and to restore corrupted system files, we highly recommend using Reimage software. It will eliminate all malware remains and freshen up your computer so that you could use it without worries again.

Recover files and other system components automatically

To recover your files and other system components, you can use free guides by ugetfix.com experts. However, if you feel that you are not experienced enough to implement the whole recovery process yourself, we recommend using recovery solutions listed below. We have tested each of these programs and their effectiveness for you, so all you need to do is to let these tools do all the work.

Offer
do it now!
Download
recovery software Happiness
Guarantee
do it now!
Download
recovery software Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
Do you have any trouble?
If you are having problems related to Reimage, you can reach our tech experts to ask them for help. The more details you provide, the better solution they will provide you.
Reimage - a patented specialized Windows repair program. It will diagnose your damaged PC. It will scan all System Files, DLLs and Registry Keys that have been damaged by security threats.Reimage - a patented specialized Mac OS X repair program. It will diagnose your damaged computer. It will scan all System Files and Registry Keys that have been damaged by security threats.
This patented repair process uses a database of 25 million components that can replace any damaged or missing file on user's computer.
To repair damaged system, you have to purchase the licensed version of Reimage malware removal tool.

Prevent websites, ISP, and other parties from tracking you

Private Internet Access is a VPN that can prevent your Internet Service Provider, the government, and third-parties from tracking your online and allow you to stay completely anonymous. The software provides dedicated servers for torrenting and streaming, ensuring optimal performance and not slowing you down. You can also bypass geo-restrictions and view such services as Netflix, BBC, Disney+, and other popular streaming services without limitations, regardless of where you are.

A VPN is also crucial when it comes to user privacy. Online trackers such as cookies can not only be used by social media platforms and other websites but also your Internet Service Provider and the government. Even if you apply the most secure settings via your web browser, you can still be tracked via apps that you are connected to the internet. Besides, privacy-focused browsers like Tor is are not an optimal choice due to diminished connection speed.

Therefore, to stay completely anonymous and prevent the ISP and the government from spying on you, you should employ Private Internet Access VPN. It will allow you to connect to the internet while being completely anonymous, prevent trackers, ads, as well as malicious content. Most importantly, you will prevent the illegal surveillance activities that NSA and other governmental institutions are performing behind your back.

 

Recover your lost files quickly

Unforeseen circumstances can happen at any time while using the computer: it can turn off due to a power cut, a Blue Screen of Death (BSoD) can occur, or random Windows updates can decide to reboot the machine when you went away for a few minutes. As a result, your schoolwork, important documents, and other data might be lost.

Additionally, you might also be attacked by malware that can corrupt your Windows or encrypt files with a robust encryption algorithm, and ask for a ransom in Bitcoin for the decryption tool. Cybercriminals might not deliver what they promised, however, so it is better to attempt alternative file recovery methods that could help you to retrieve at least some portion of the lost data.

Data recovery software is one of the options that could help you recover your files. Once you delete a file, it does not vanish into thin air – it remains on your system as long as no new data is written on top of it. Data Recovery Pro is recovery software that searchers for working copies of deleted files within your hard drive. By using the tool, you can prevent loss of valuable documents, school work, personal pictures, and other crucial files.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate computer expert

Gabriel E. Hall is an expert troubleshooter who has been working in the information technology industry for years.

Contact Gabriel E. Hall
About the company Esolutions

Read in other languages

What you can add more about the problem: "How to Recover Files Encrypted by Petya Ransomware?"