.Peta file extension. How to remove virus, Restore .peta files.

Myantispyware team September 4, 2019    

This week, computer security researchers discovered a new ransomware named ‘Peta virus’, malware that infects Microsoft Windows PCs. A short time after the PC has been infected, it encrypts files on all attached data storage and adds the .peta file extension to the names of all encrypted files.

Files encrypted by .peta virus


The Peta virus was designed by attackers to encrypt various files on the user’s computer using a hybrid encryption mode, which makes it impossible for the user to unlock the affected files that have received the .peta extension. Peta virus is able to encrypt almost all types of files, including common ones such as:

.t12, .zdc, .wpl, .js, .pdd, .xmmap, .iwi, .wp4, .jpe, .r3d, .mddata, .zi, .xlsm, .slm, .x3f, .xdb, .wdb, .m3u, .sr2, .wmd, .kf, .xlsx, .odb, .z, .syncdb, .pef, .csv, .qic, .vcf, .wotreplay, .wgz, .psd, .png, .big, .dazip, .wsd, .epk, .docm, .mdb, .cfr, .sb, .rgss3a, .cdr, .zif, .wps, .mdf, .3ds, .xbdoc, .rw2, .1, .ysp, .asset, .accdb, .vpk, .litemod, .arw, .bay, .wbz, .webp, .y, .txt, .itl, .rofl, .gho, .der, .wp6, .dmp, .pdf, .sav, .mpqge, .mcmeta, .hplg, .rwl, .xbplate, .wm, .mrwref, .forge, .ws, .wb2, .pptx, .zdb, .0, .vpp_pc, .svg, .sidd, .dwg, .x3d, .rim, .ncf, .zip, .pem, .ntl, .bar, .webdoc, .srf, .lvl, .rar, .cas, .m2, .nrw, .sql, .bc7, .1st, .wp5, .sidn, .snx, .wma, .mov, .xxx, .x, .cer, .wbk, .wps, .bkp, .rtf, .wdp, .xlsb, .ppt, .ods, .zw, .3dm, .arch00, .map, .lbf, .ptx, .bsa, .dcr, .odt, .wsc, .rb, .dbf, .avi, .apk, .bc6, .xyp, .vdf, .fsh, .desc, .indd, .wbd, .jpeg, .tax, .re4, .lrf, .jpg, .t13, .wire, .wpe, .menu, wallet, .wcf, .icxs, .2bp, .gdb, .ztmp, .x3f, .mef, .sie, .mlx, .wpg, .d3dbsp, .ai, .wn, .p7c, .xwp, .pptm, .wav, .fos, .wp7, .pkpass, .doc, .wmo, .vfs0, .yal, .fpk, .dba, .das, .eps, .wbc, .mdbackup, .sid, .erf, .bkf, .xlgc, .xll, .ff, .xy3, .orf, .hvpl

Documents, videos, web application-related files, archives, images, databases, music and other files that are locked by Peta become unusable, and the user has no choice but to pay the cyber criminals the amount of money they indicate in the ransom note named ‘_readme.txt’. After this amount is transferred, the online criminals promise to send the victim a unique Peta decryption utility (a private key) for unlocking the files.

Peta virus ransom note



 

Threat Summary

Name: Peta
Type: Crypto malware, File locker, Ransomware, Filecoder, Crypto virus
Encrypted files extension: .peta
Ransom note: _readme.txt
Contact: gorentos@bitmessage.ch
Ransom amount: $980 in Bitcoins
Symptoms: Your files fail to open. You get an error message like ‘Windows can’t open this file’ or ‘How do you want to open this file’. Files named ‘_readme.txt’, ‘#_README_#’, ‘_DECRYPT_’ or ‘recover’ appear in each folder with at least one encrypted file. You have received instructions for paying the ransom.
Distribution methods: Spam or phishing emails that are designed to get people to open an attachment or click on a link. Drive-by downloads (ransomware has the ability to infect the computer simply by visiting a web page that is running malicious code). Social media, like web-based instant messaging programs. Suspicious web pages.
Removal: To remove Peta ransomware use the removal guide
Decryption: To decrypt Peta ransomware use the steps

 

If you came across this post, you were likely looking for a way to delete the Peta virus that does not involve paying the money. The goal of this blog post is to provide you with the information you need to understand how to delete the crypto malware and restore encrypted documents, photos and music that have been locked.

Quick links

  1. How to remove Peta crypto virus
  2. How to decrypt .peta files
  3. How to restore .peta files
  4. How to protect your machine from Peta crypto malware?
  5. To sum up

How to remove Peta crypto virus

Malware removal tools are pretty useful when you think your PC is affected by a ransomware virus. Below we go through the best utilities that are able to identify and uninstall Peta crypto malware from your computer.



Run Zemana AntiMalware to remove Peta ransomware

Zemana is one of the best in its class. It can scan for and remove a large number of various security threats, including ransomware viruses, worms, adware software, spyware, trojans and malicious software that masquerades as legitimate computer programs. Zemana Anti Malware (ZAM) also includes another utility called FRST, a helpful application for manual removal of files and parts of the Windows registry created by crypto malware.
Zemana Anti-Malware removes Peta crypto malware and other kinds of potential threats like malicious software and trojans

  1. Click the following link to download Zemana Free. Save it directly to your Microsoft Windows Desktop.
    Zemana AntiMalware
    Author: Zemana Ltd
    Category: Security tools
    Update: July 16, 2019
  2. When the download is finished, close all apps and windows on your computer. Open the folder in which you saved it. Double-click on the icon that’s named Zemana.AntiMalware.Setup.
  3. Next, press the Next button and follow the prompts.
  4. Once installation is complete, click the “Scan” button to start scanning your PC system for the Peta crypto malware, other malicious software, worms and trojans. A system scan can take anywhere from 5 to 30 minutes, depending on your PC. During the scan Zemana will search for threats present on your PC.
  5. When Zemana AntiMalware has completed scanning your PC system, it will display the Scan Results. In order to delete all threats, simply click “Next”. After that process is done, you may be prompted to reboot your PC.

Run MalwareBytes to uninstall Peta ransomware

If you are having problems with the Peta ransomware removal, then download MalwareBytes AntiMalware. It is free for home use, and scans for and deletes various unwanted software that attacks your computer or degrades PC performance. MalwareBytes can remove adware, potentially unwanted software as well as malware, including ransomware and trojans.
MalwareBytes AntiMalware (MBAM) for Microsoft Windows, scan for ransomware is finished

  1. Installing the MalwareBytes Free is simple. First you will need to download MalwareBytes from the following link. Save it to your Desktop.
    Malwarebytes Anti-malware
    Author: Malwarebytes
    Category: Security tools
    Update: April 15, 2020
  2. At the download page, click on the Download button. Your browser will open the “Save as” prompt. Please save it onto your Windows desktop.
  3. After the download is done, please close all software and open windows on your computer. Double-click on the icon that’s named mb3-setup.
  4. This will launch the “Setup wizard” of MalwareBytes Anti-Malware (MBAM) onto your personal computer. Follow the prompts and don’t make any changes to default settings.
  5. When the Setup wizard has finished installing, the MalwareBytes Free will launch and display the main window.
  6. Next, click the “Scan Now” button. The MalwareBytes tool will start scanning the whole personal computer to find the Peta crypto virus, other malicious software, worms and trojans. Depending on your machine, the scan may take anywhere from a few minutes to close to an hour. During the scan MalwareBytes Anti-Malware will scan for threats present on your PC.
  7. Once the scan is complete, MalwareBytes will create a list of unwanted apps and ransomware.
  8. All found items will be marked. You can delete them all by simply clicking the “Quarantine Selected” button. Once that process is complete, you may be prompted to reboot the personal computer.
  9. Close the Anti-Malware and continue with the next step.


Run KVRT to delete Peta crypto malware from the PC system

KVRT is a free portable application that scans your personal computer for adware software, PUPs and ransomware viruses like Peta and allows you to remove them easily. Moreover, it’ll also help you delete any malicious internet browser extensions and add-ons.

Download Kaspersky virus removal tool (KVRT) on your Microsoft Windows Desktop by clicking on the following link.

Kaspersky virus removal tool
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018

Once the download is finished, double-click on the KVRT icon. Once the initialization procedure is done, you will see the Kaspersky virus removal tool screen as shown in the following example.

Kaspersky virus removal tool main window

Click Change Parameters and set a check mark next to all your drives. Click OK to close the Parameters window. Next, press the Start scan button to start scanning your PC for the Peta ransomware virus. This task can take quite a while, so please be patient. While the KVRT utility is checking, you can see how many objects it has identified as being affected by malware.

Kaspersky virus removal tool scanning

After the scan is finished, Kaspersky virus removal tool will produce a list of unwanted applications and ransomware as on the image below.

Kaspersky virus removal tool scan report

Make sure to check mark the threats that are unsafe and then click on Continue to begin a cleaning procedure.

How to decrypt .peta files

To date, there is no method to unlock the encrypted photos, documents and music other than paying the money to the scammers. Developers are working on free Peta decryption tools that can decrypt these files, but there is no result yet, and it is not known when there will be.

Should you pay the ransom

Never pay the ransom! A user who pays the money to the scammers cannot be completely sure of obtaining a private key, because he is dealing with unscrupulous and dishonest people who are ready to commit any immoral actions, including disappearing after receiving the ransom from the user and not providing a decryption utility (key) to decrypt the encrypted personal files.

Files encrypted by .peta virus


The Peta crypto malware is not the only one of its kind. For some of them, computer security experts have already designed methods to decrypt encrypted documents, photos and music. This gives hope that a Peta decryption tool can be developed for this ransomware as well. However, since each case of encryption is unique, the user should seek help and provide an identifier that will give the opportunity to get the private key and decryption utility.

How to restore .peta files

In some cases, you can recover files encrypted by Peta crypto malware. Try both methods. It is important to understand that we cannot guarantee that you will be able to recover all encrypted personal files.
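Before trying either method, it helps to know which folders were hit and what the files were called before encryption. The following script is an added example, not part of the original guide or of any tool it mentions; it relies only on two facts stated on this page (the appended .peta extension and the `_readme.txt` ransom note), and the script file name in the usage comment is hypothetical.

```python
import os
import sys
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".peta"    # extension the ransomware appends (from this page)
RANSOM_NOTE = "_readme.txt"   # ransom note file name (from this page)

def inventory(root):
    """Return {folder: {"note": bool, "originals": [...], "types": Counter}}."""
    report = {}
    # os.walk skips folders it cannot read instead of aborting the walk
    for folder, _dirs, files in os.walk(root):
        locked = [f for f in files
                  if f.lower().endswith(ENCRYPTED_SUFFIX)
                  and len(f) > len(ENCRYPTED_SUFFIX)]
        has_note = any(f.lower() == RANSOM_NOTE for f in files)
        if not locked and not has_note:
            continue
        # Dropping the appended suffix gives the name the file had before encryption
        originals = sorted(f[:-len(ENCRYPTED_SUFFIX)] for f in locked)
        report[folder] = {
            "note": has_note,
            "originals": originals,
            "types": Counter(Path(n).suffix.lower() or "(none)" for n in originals),
        }
    return report

def totals(report):
    """Add up the per-folder counts of original file types."""
    total = Counter()
    for info in report.values():
        total.update(info["types"])
    return total

if __name__ == "__main__":
    # Usage (hypothetical file name): python peta_inventory.py D:\
    rep = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    for folder, info in sorted(rep.items()):
        flag = "note" if info["note"] else "no note"
        print(f"{folder}: {len(info['originals'])} encrypted ({flag})")
    for ext, count in totals(rep).most_common():
        print(f"{count:6d}  {ext}")
```

The list of original names tells you what to look for in a shadow copy, and the type totals tell you which file formats to enable in a recovery tool.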




Recover .peta files with ShadowExplorer

MS Windows has a feature named ‘Shadow Volume Copies’ that can help you to recover .peta files encrypted by the Peta ransomware. The method described below restores encrypted personal files to previous versions from the Shadow Volume Copies using a free tool named ShadowExplorer.

First, visit the following page, then click the ‘Download’ button in order to download the latest version of ShadowExplorer.

ShadowExplorer
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019

After the download is complete, open the directory in which you saved it. Right-click ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next, open the ShadowExplorerPortable folder as shown on the image below.

ShadowExplorer folder

Double-click ShadowExplorerPortable to run it. You will see a window like the one below.

ShadowExplorer

In the top left corner, choose the Drive where the encrypted documents, photos and music are stored and the latest restore point, similar to the one below (1 – drive, 2 – restore point).

ShadowExplorer

In the right panel, look for a file that you wish to restore, right-click it and select Export as shown on the image below.

ShadowExplorer restore file

Restore .peta files with PhotoRec

Before a file is encrypted, the Peta crypto virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your documents, photos and music using file recovery programs like PhotoRec.

Download PhotoRec on your MS Windows Desktop from the following link.

PhotoRec
Author: CGSecurity
Category: Security tools
Update: March 1, 2018

When the download is finished, open the directory in which you saved it. Right-click testdisk-7.0.win and select Extract all. Follow the prompts. Next, open the testdisk-7.0 folder as displayed below.

testdisk photorec folder

Double-click qphotorec_win to run PhotoRec for Microsoft Windows. It will show a screen like the one displayed below.

PhotoRec for windows

Select a drive to recover as displayed in the figure below.

photorec select drive

You will see a list of available partitions. Select a partition that holds encrypted photos, documents and music as on the image below.

photorec choose partition

Press the File Formats button and specify the file types to restore. You can enable or disable the recovery of certain file types. When this is finished, click the OK button.

PhotoRec file formats

Next, click Browse button to select where recovered personal files should be written, then click Search.

photorec

The count of restored files is updated in real time. All recovered files are written to the folder that you selected in the previous step. You can access the files even if the restore process is not finished.

When the restore is complete, press the Quit button. Next, open the directory where the restored personal files are stored. You will see contents similar to the one below.

PhotoRec - result of restore

All recovered personal files are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, then you can sort your recovered files by extension and/or date/time.
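One way to do that sorting across all recup_dir.N folders at once is shown below. This is an added example, not part of PhotoRec or of the original guide; the function names and the destination layout (one folder per extension, modification time prefixed to each file name) are assumptions made for illustration.

```python
import re
import shutil
from datetime import datetime
from pathlib import Path

# Sub-directory names PhotoRec writes to, as described on this page
RECUP = re.compile(r"^recup_dir\.(\d+)$")

def recovered_files(output_dir):
    """Yield files from recup_dir.1, recup_dir.2, ... in numeric folder order."""
    dirs = []
    for p in Path(output_dir).iterdir():
        m = RECUP.match(p.name)
        if m and p.is_dir():
            dirs.append((int(m.group(1)), p))   # numeric, so .10 sorts after .2
    for _n, d in sorted(dirs):
        for f in sorted(d.iterdir()):
            if f.is_file():
                yield f

def sort_by_type(output_dir, dest_dir, wanted=None):
    """Copy recovered files into dest_dir/<ext>/, oldest first.

    wanted: optional list of extensions to keep, e.g. [".docx", "jpg"].
    Returns {ext: [new file names in date order]}.
    """
    wanted = {e.lower().lstrip(".") for e in wanted} if wanted else None
    groups = {}
    for f in recovered_files(output_dir):
        ext = f.suffix.lower().lstrip(".") or "no_extension"
        if wanted is None or ext in wanted:
            groups.setdefault(ext, []).append(f)
    result = {}
    for ext, files in groups.items():
        target = Path(dest_dir) / ext
        target.mkdir(parents=True, exist_ok=True)
        files.sort(key=lambda f: f.stat().st_mtime)
        names = []
        for f in files:
            stamp = datetime.fromtimestamp(f.stat().st_mtime).strftime("%Y%m%d-%H%M%S")
            # Source folder stays in the name so copies never collide
            name = f"{stamp}_{f.parent.name}_{f.name}"
            shutil.copy2(f, target / name)      # copy, leaving PhotoRec's output intact
            names.append(name)
        result[ext] = names
    return result
```

Point `dest_dir` at a different drive from the one being recovered, so that the copies do not overwrite deleted data that has not been recovered yet.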

How to protect your machine from Peta crypto malware?

Most antivirus apps already have built-in protection against ransomware. Therefore, if your computer does not have an antivirus application, make sure you install one. As extra protection, run HitmanPro.Alert.

Run HitmanPro.Alert to protect your personal computer from Peta crypto virus

All-in-all, HitmanPro.Alert is a fantastic utility to protect your computer from any ransomware. If ransomware is detected, then HitmanPro.Alert automatically neutralizes malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of Windows OS from Microsoft Windows XP to Windows 10.

Click the following link to download HitmanPro.Alert. Save it to your Desktop so that you can access the file easily.

HitmanPro.Alert
Author: Sophos
Category: Security tools
Update: March 6, 2019

After downloading is complete, open the folder in which you saved it. You will see an icon like below.

HitmanPro.Alert file icon

Double-click the HitmanPro.Alert desktop icon. Once the utility is started, you’ll see a window where you can select a level of protection, like the one below.

HitmanPro.Alert install

Now press the Install button to activate the protection.

To sum up

Now your PC system should be free of the Peta crypto malware. Uninstall MalwareBytes and KVRT. We recommend that you keep Zemana AntiMalware (ZAM) to periodically scan your PC for new malware. Moreover, to prevent crypto viruses, please stay clear of unknown and third-party applications, and make sure that the option to stop or scan for ransomware is turned on in your antivirus application.

If you need more help with Peta ransomware virus related issues, go here.

 
