Remove Petya.a Ransomware | Updated


I wrote this article to help you remove Petya.a Ransomware. This Petya.a Ransomware removal guide works for all Windows versions.

Do you remember the dreadful Petya Ransomware? Well, it is back. Actually, a new updated version of it has emerged. It is called Petya.a and it is very dangerous. If you are infected with it, you are in for tons of trouble. Needless to say, you have to do your best to deal with this pest as soon as possible. And by “deal with”, we mean completely erase it from your machine. Otherwise, you know what happens. Petya.a operates like all ransomware pieces and has the same goal – your money – but as an advanced and improved version, it features some differences.

For instance, unlike other members of this family, which encrypt your files one by one, Petya.a does something else. It forces your machine to reboot and then goes after the Master File Table (MFT). Moreover, it messes with the Master Boot Record (MBR). The result is unsurprising. You find all of your files locked and inaccessible. Everything you have on your PC is now encrypted and you cannot open or edit it. You probably have some very important information among the locked files. Perhaps something work-related and crucial which is now out of your reach. Well, this is what Petya.a is hoping for. It relies on the fact that the encrypted data is so important and irreplaceable to you that you would do anything to have it back.

Once the locking part is over, you get payment instructions. Petya.a drops a note, according to which you have to pay $300 in Bitcoins in exchange for a special tool that is supposed to help you recover your data. The note also provides an email address for you to contact the hackers. Do not get in touch with these people unless you want to end up double-crossed.

As we already stated, your locked files are the crooks' very last concern. They want your money and once they get it, they will forget about your data. This means that you will spend $300 for absolutely nothing. They may not send you a decryptor. Or, what if they give you one that only works partially?


There is a third scenario. You pay and they do send you the tool. Then, you use it to free your files but they get re-encrypted hours later. Yes, there is a huge possibility of that happening because the decryptor doesn’t remove the infection. It only removes the encryption. And you are back to square one, only with less money, which the crooks will now use to expand and create more malware. But this is not all.

When you use your machine to transfer money, you are exposing your personal and financial details to them. If that happens, there is no turning back. Cybercriminals are the last people who should have access to your private information. Don’t let them. Don’t pay. If you want your files back, first you have to remove Petya.a from your PC so that your newly-recovered data is safe. To do that, use our removal guide down below and once your machine is clean, you can try decrypting your files.

How to protect yourself in the future? Petya.a, just like the original Petya, mostly gets distributed via massive spam waves. Fake messages with malicious attachments get sent to victims all over the world. When you receive an email from an unknown sender, proceed with caution. Don’t open everything you see as it may be an infection. It is up to you to keep your computer virus-free. Delete all messages from unknown senders even if they look legitimate. Hackers often use names, logos, stamps, etc. to make them more believable.

Also, stay away from unverified download sources, exploit kits, corrupted pages, fake program updates, etc. Petya.a is not spread by just one method. Be on the alert. Better yet, get yourself a good anti-malware program to help you stay protected and always keep backups of your most important files.

Petya.a Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, Petya.a Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.

  1. Download ShadowExplorer from this link:
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select C: drive on the left panel
  4. Choose a date at least a month ago from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Next”
  3. Choose a restore point, at least a month ago
  4. Click “Next”
  5. Choose Disk C: (should be selected by default)
  6. Click “Next“. Wait for a few minutes and the restore should be done.
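Methods 1 and 2 both depend on a snapshot from before the infection still being present, so it is worth checking for one first. The PowerShell below is an added example, not part of the original guide: it lists surviving shadow copies and restore points and flags those older than a cutoff. The 30-day cutoff and the variable names are assumptions, and it must be run from an elevated Windows PowerShell prompt.

```powershell
# Added example (not from the original guide). Run elevated.
# Assumption: 30 days stands in for the guide's "at least a month ago".
$CutoffDays = 30
$cutoff = (Get-Date).AddDays(-$CutoffDays)

# Map volume GUID paths (\\?\Volume{...}\) to drive letters such as C:
$driveByVolume = @{}
Get-CimInstance -ClassName Win32_Volume |
    Where-Object DriveLetter |
    ForEach-Object { $driveByVolume[$_.DeviceID] = $_.DriveLetter }

# Shadow copies that were not deleted (what ShadowExplorer will show).
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy |
    Sort-Object InstallDate |
    ForEach-Object {
        [pscustomobject]@{
            Drive           = $driveByVolume[$_.VolumeName]
            Created         = $_.InstallDate
            OlderThanCutoff = $_.InstallDate -lt $cutoff
            DeviceObject    = $_.DeviceObject
        }
    })

if ($shadows.Count -eq 0) {
    Write-Warning 'No shadow copies found; Method 1 has nothing to restore from.'
} else {
    $shadows | Format-Table -AutoSize
}

# Restore points for Method 2. Get-ComputerRestorePoint exists only in
# Windows PowerShell (5.1), so check for it before calling.
if (Get-Command Get-ComputerRestorePoint -ErrorAction SilentlyContinue) {
    Get-ComputerRestorePoint |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'
               Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
        Where-Object { $_.Created -lt $cutoff } |
        Format-Table -AutoSize
} else {
    Write-Warning 'Get-ComputerRestorePoint is not available in this shell.'
}
```

If both lists come back empty, skip to Method 3.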

Method 3: Restore your files using File Recovery Software
If none of the above methods work, you should try to recover encrypted files by using File Recovery Software. Since Petya.a Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using File Recovery Software. Here are a few free File Recovery Software programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete
Daniel Stoyanov
Daniel Stoyanov has a Master's degree in Computer Science from the Technical University of Sofia, Bulgaria. He is also a Microsoft Certified Professional. Daniel provides top cyber security news with in-depth coverage of malware, vulnerabilities, PC and Network security, online safety. If you have any questions feel free to ask him right now.

