Home / Parasites / Trojans / Petna Ransomware
Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Petna Ransomware

Petna Ransomware is a highly dangerous computer infection dedicated to encrypting your personal files in order to demand money from you as you may want to get your important files back. However, you ought to remove this ransomware because the ransom to be paid can be too high for you. We have found that this ransomware is disseminated using the EternalBlue exploit that exploits a vulnerability in Windows that, in turn, accepts specially crafted packets from remote attackers. Hence, your PC can become infected with this ransomware secretly. This ransomware is set to modify the Master Boot Record (MBR) to trick you into thinking that your system is being repaired while this ransomware encrypts your files. To find out more about Petna Ransomware, please continue reading.

When Petna Ransomware infects a computer, it restarts the computer immediately. It modifies the Master Boot Record (MBR) and starts chkdsk that is set to attempt to repair the system on %HOMEDRIVE%. It creates a task “schtasks %ws/Create /SC once /TN "" /TR "%ws" /ST d:d” that is set to restart your PC at a specified time “shutdown.exe /r /f.” While doing the fake repair, you will see a message that says “WARNING: DO NOT TURN OFF YOUR PC! IF YOU ABORT THIS PROCESS, YOU COULD DESTROY ALL OF YOU DATA! PLEASE ENSURE THAT YOUR POWER CABLE IS PLUGGED IN!” The thing is that if you unplug your PC right

However, this disk check is fake as it is set up by this ransomware to scare you in not restarting your PC. While the fake repair is going on, it encrypts the targeted files. The repair is set to finish unsuccessfully, and once it is complete or you have restarted your computer a red flashing ASCII skeleton is set to appear with the text "PRESS ANY KEY!" If you press a key, then another window will appear that contains a ransom note.

This ransomware was configured to encrypt many file types that include but are not limited to .3ds, .7z, .accdb, .ai, .asp, .aspx, .avhd, .ovf, .pdf, .php, .pmf, .ppt, .pptx, and .pst, among others. This program is highly dangerous because it can encrypt many of your most valuable files. In fact, this ransomware’s developers target German-based companies and businesses as their work computers can contain precious information for which their owners would be willing to pay the ransom. This ransomware demands that you pay a 0.8 BTC ransom which translates to an approximate 1,900 USD. It is worthy of a note that the payment is set to double if you do not pay within seven days. Clearly, the cyber criminals mean business and there are in to make a small fortune. Unfortunately, this ransomware generates a key using CryptGenRandom the function. Hence, the generated key ensures a very strong, secure encryption and, therefore, you cannot decrypt your files. There is no free decryption tool capable of handling this ransomware’s encryption, and there is no guarantee that it will ever be created.

Petna Ransomware is an advanced ransomware that was created by people that know what they are doing. It has been updated several times and, thus, has many versions that may still be floating around. We have concluded that Petna Ransomware is the same program as Petya Ransomware, NotPetya Ransomware, EternalPetya Ransomware, PetyaBlue Ransomware, and SortaPetya Ransomware. This ransomware goes by many names, and while its many versions are slightly different, they are still extremely dangerous.

Our research has revealed that this ransomware is distributed using the EternalBlue exploit. This exploit was allegedly developed by the NSA but later leaked by a hacking group known as Shadow Brokers. This exploit was also successfully used for distributing the WannaCry Ransomware in May of 2017. EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block. This vulnerability exists because SMBv1 server in various versions of Microsoft Windows accepts specially crafted packets from remote attackers. As a result, SMBv1 allows cyber criminals executable arbitrary code on the target computer. The good news is that this vulnerability has been patched, so to avoid getting, Petna Ransomware you should run Windows Update or get the MS17-010 patch, specifically. Research has shown that this ransomware drops this ransomware in %HOMEDRIVE% which is usually disk C. the ransomware comes as a DLL file that is named 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745.bin.dll,#1 which is run using a Windows application named rundll32.exe.

Without a doubt, Petna Ransomware is one malicious piece of software that can ruin your day if your business computer becomes infected with it. It can enter your PC if it is left unprotected and encrypt your files. Then it will demand that you pay a hefty ransom. However, you should not listen to the criminals and remove this ransomware altogether. However, before you do that, you have to repair the Master Boot Record. See the guide below for more information.

Fix the Master Boot Record (MBR)

Windows XP

  1. Insert the CD of Windows XP in the CD/DVD-ROM.
  2. While restarting the PC, press any key to boot.
  3. Press the R key to open the Recovery Console.
  4. Type 1 and press Enter if Windows XP is your only OS.
  5. Enter your administrator password and hit Enter.
  6. Press the Y key and then hit Enter.
  7. Eject the CD from the CD/DVD-ROM.
  8. Type Exit and then press Enter to restart your PC.

Windows Vista

  1. Insert the CD of Windows Vista in the CD/DVD-ROM.
  2. While restarting the PC, press any key to boot.
  3. Select the language and keyboard layout.
  4. Click Repair your computer.
  5. Select the operating system.
  6. Click Next.
  7. Open Command Prompt.
  8. Type the following commands.
    • bootrec /FixMbr
    • bootrec /FixBoot
    • bootrec /RebuildBcd
  9. Press Enter after you enter each of the commands.
  10. Remove your CD and type exit.
  11. Press Enter.

Windows 7

  1. Insert the DVD of Windows 7 in the CD/DVD-ROM.
  2. While restarting the PC, press any key to boot.
  3. Select your language and keyboard layout.
  4. Click Next.
  5. Select the OS.
  6. Click Next.
  7. Click Command Prompt to open it.
    • Type bootrec /rebuildbcd. Press Enter.
    • Type bootrec /fixmbr. Press Enter.
    • Type bootrec /fixboot. Press Enter.
  8. Remove the DVD and restart your computer.

Windows 8/8.1/10

  1. Insert the DVD of Windows 7 in the CD/DVD-ROM.
  2. While restarting the PC, press any key to boot.
  3. Click Repair your computer at the Welcome screen.
  4. Click Troubleshoot and open Command Prompt.
    • Type bootrec /FixMbr and hit Enter.
    • Type bootrec /FixBoot and hit Enter.
    • Type bootrec /ScanOs and hit Enter.
    • Type bootrec /RebuildBcd and hit Enter.
  5. Remove the DVD from the CD/DVD-ROM.
  6. Type Exit and then press Enter.
  7. Reboot your computer.

Delete this ransomware

  1. Hold down Windows+E keys.
  2. Type %HOMEDRIVE% in the address box and press Enter.
  3. Find 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745.bin.dll,#1
  4. Right-click it and click Delete.
  5. Empty the Recycle Bin.
Download Spyware Removal Tool to Remove* Petna Ransomware
  • Quick & tested solution for Petna Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
 This is a captcha-picture. It is used to prevent mass-access by robots.

 
© 2006-2024 pcthreat.com  |  Terms of use |  Privacy policy |  About us |  Link to US