How to Recover Files Encrypted by Petya Ransomware?


Issue: How to Recover Files Encrypted by Petya Ransomware?

Please help! My all files were encrypted by Petya ransomware, and I haven’t heard about any decryption tools so far. Does this mean that it is impossible to decrypt files encrypted by Petya? Needless to say, these records mean the world to me…

Solved Answer

Decrypt Petya Ransomware

Petya is a file-encrypting virus that belongs to ransomware category. It first emerged in 2016; however, it attracted the most media attention after the 2017 cyber attack that primarily targeted Ukraine.

According to experts, the cyber criminals used the same Windows SMBv1 vulnerability that the infamous WannaCry ransomware used. Microsoft has already patched the vulnerability, however, many computer users failed to install the update in time. Petya ransomware encrypts all files on the system and demands $300 from the victim, promising to provide the decryption key in return.

The ransomware has compromised computer networks of companies such as “Rosneft” (Russian oil giant), “Kyivenergo,” “Ukrenergo,” National Bank of Ukraine, Oschadbank, and many others.

However, we must point out that Petya virus that was used in 2017 cyber attack slightly differs from the previous and original virus’ versions. After the Petya-based ransomware outbreak in June, the author of the original Petya variants known as Janus released the master decryption key, which now can be used to decrypt files locked by Red Petya, Green Petya, and Mischa. Using the published key, a security researcher known as Hasherezade has created a free decryption tool.

According to the researcher, certain Petya versions function in a slightly different way. The virus either encrypts Master File Table or cripples all files on the computer like a traditional ransomware virus. Luckily, there is no difference which method the virus used on your computer – the Petya Decryptor works for both cases.

Before you start decrypting your files, we must warn you to create an extra backup of the encrypted data and store it somewhere safe. The reason why we advise doing so is that the virus may hang during the data recovery procedure, and that can cause permanent damage to encrypted files.

Recover Files Encrypted By Petya Ransomware For Free

Recover now!
To recover needed system components, please, purchase the licensed version of Fortect recovery tool.
  1. Find the ransom note that the ransomware left of your computer. It should be called YOUR_FILES_ARE_ENCRYPTED.TXT. Copy the personal decryption code (a lengthy set of numbers and letters).
  2. Now, create a text file on your desktop. Simply right click anywhere on the screen and choose New > Text Document.
  3. Name the file as id (the full filename should be id.txt), open it and paste the personal decryption code in the file. Click File > Save.
  4. Now download and launch the key decryptor to decrypt victim’s ID.
  5. Copy the decrypted key and download Mischa or GoldenEye decryptor.
  6. Open the ransomware decryptor and click select to select one encrypted file from your PC.
  7. Paste the decryption key you just obtained. Repeat it to confirm. You might want to select the Backup encrypted files option. Click Decrypt.
  8. Now, check if the file was successfully decrypted. If yes, then use the same decryption key for all encrypted files. You can shorten the process by giving the decryptor the extension that the ransomware appended to all your files. The decryption tool will automatically find all encrypted files.

Optional: You can use an ISO file to read the victim’s ID from the encrypted computer. You can download it here. Launch the program and follow the provided instructions.

To remove remains of ransomware and to restore corrupted system files, we highly recommend using FortectMac Washing Machine X9 software. It will eliminate all malware remains and freshen up your computer so that you could use it without worries again.

Recover files and other system components automatically

To recover your files and other system components, you can use free guides by experts. However, if you feel that you are not experienced enough to implement the whole recovery process yourself, we recommend using recovery solutions listed below. We have tested each of these programs and their effectiveness for you, so all you need to do is to let these tools do all the work.

do it now!
recovery software Happiness
Compatible with Microsoft Windows
Do you have any trouble?
If you are having problems related to Fortect, you can reach our tech experts to ask them for help. The more details you provide, the better solution they will provide you.
Fortect - a patented specialized Windows repair program. It will diagnose your damaged PC. It will scan all System Files, DLLs and Registry Keys that have been damaged by security threats.
This patented repair process uses a database of 25 million components that can replace any damaged or missing file on user's computer.
To repair damaged system, you have to purchase the licensed version of Fortect malware removal tool.

Prevent websites, ISP, and other parties from tracking you

To stay completely anonymous and prevent the ISP and the government from spying on you, you should employ Private Internet Access VPN. It will allow you to connect to the internet while being completely anonymous by encrypting all information, prevent trackers, ads, as well as malicious content. Most importantly, you will stop the illegal surveillance activities that NSA and other governmental institutions are performing behind your back.


Recover your lost files quickly

Unforeseen circumstances can happen at any time while using the computer: it can turn off due to a power cut, a Blue Screen of Death (BSoD) can occur, or random Windows updates can the machine when you went away for a few minutes. As a result, your schoolwork, important documents, and other data might be lost. To recover lost files, you can use Data Recovery Pro – it searches through copies of files that are still available on your hard drive and retrieves them quickly.


About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate computer expert

Gabriel E. Hall is an expert troubleshooter who has been working in the information technology industry for years.

Contact Gabriel E. Hall
About the company Esolutions

Read in other languages

What you can add more about the problem: "How to Recover Files Encrypted by Petya Ransomware?"