Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Jun 2020

How to remove Peta ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Linas Kiguolis · Expert in social media

Peta is an advanced cryptovirus that modifies computer system to prevent victims from visiting security-related sites

Peta ransomware

Peta is a ransomware developed by hackers who are responsible for the release of one of the most notorious file locking malware families in the wild – Djvu/STOP. Ransomware[1] is a devastating type of infection that not only modifies how the Windows system works but also encrypts all personal files located on the local or networked hard drive. To retrieve access to the data, victims of the Peta file virus are asked to pay a ransom of $980 or $490 in Bitcoin cryptocurrency.

Besides encrypting pictures, videos, music, database, document and appending .peta file extension, Peta virus also drops a ransom note _readme.txt – the name of the note and the body text does not differ from many other Djvu variants, such as Seto, Gero, Nacro, and many others. Even contact emails gorentos@bitmessage.ch and gerentoshelp@firemail.cc were already used by hackers before.

Peta ransomware, along with dozens of other variants is capable of modifying hosts file that prevents users from accessing cybersecurity sites. After virus termination, victims need to delete this file located in C:\Windows\System32\drivers\etc and change all their passwords to ensure no account compromise.

Name Peta ransomware
Type Cryptovirus
Family STOP/Djvu
Ransom note _readme.txt
Contact gorentos@bitmessage.ch or gerentoshelp@firemail.cc
File extension .peta
Ransom size $980 or $490
File decryption Only available via backups, third-party software, or might be possible via paid Dr.Web service
Virus elimination Scan your machine with reliable anti-malware software in Safe Mode
Recovery To avoid unexpected system errors and other troubles after a virus infection, use FortectIntego

While previous versions of this notorious ransomware family were in some cases possible to decrypt using a free tool from security researchers, Peta ransomware now possesses improved functionality that prevents the decryptor from working.

Nevertheless, experts[2] advise avoiding paying the ransom, as cybercriminals might scam you or send a malicious executable in return. Besides, you can try using third-party recovery tools after Peta removal to retrieve at least some of the locked files. We provide all the relevant instructions at the bottom of the article, so make sure you check them out.

Peta ransomware virus

Peta ransomware can be distributed in a variety of methods, such as:

  • Fake updates;
  • Spam emails;
  • Software cracks;
  • Exploits;
  • Web injects;
  • Remote Desktop;[3]
  • Backdoor, etc.

As soon as Peta ransomware reaches the machine, it locks all files on it and drops the following ransom note which also offers users a test decryption service (another trick to make users provide a false sense of certainty):

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-BDgg6lyvws
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
gorentos@bitmessage.ch

Reserve e-mail address to contact us:
gerentoshelp@firemail.cc

Your personal ID:
0160psdfjH7gdfgN3Iu5VrB47SU8KsXTRn3ABZtHaQRmDcc2erQZHp4

Another reason to remove Peta ransomware is due to its functionality – some of the variants are capable of harvesting sensitive data (like login details and banking information), modifying hosts file and even proliferating a secondary payload such as AZORult Trojan. Due to hosts file modification, you will not be able to reach any security-related websites, including 2-spyware.com.

To get rid of Peta virus, you will have to scan your machine with reputable security software. After that, you can attempt to recover files using the instructions in the recovery section below. Finally, you should consider using FortectIntego to repair damage done to Windows system files.

Peta ransomware encrypted files

User comprehensive protection to ensure no ransomware can compromise your files in the future

Ransomware victims are mostly those who have never been infected with such a devastating virus before – that explains a high infection rate over the world. Many users disregard the security precautions that should be taken to reduce the chance of malware infection to a minimum, as most of the infiltrations are triggered by users themselves, whether it is due to lack of knowledge or negligence.

The first step to a safer machine is adequate applications, such as anti-malware software, ad-blocking apps, as well as Firewall. A subsequent step is to make sure that all the software and the operating system is patched with the latest security updates that prevent vulnerabilities from being used to install the payload automatically.

Finally, users should simply be more careful and critical when browsing the web: never download software cracks, use strong passwords (and never re-use them), never open macro-induced spam email attachments, etc.

Nevertheless, no method is 100% secure, and the infection is still possible. To avoid the treacherous ramifications of ransomware, you should make sure that you backup your most important files either on an external device or a remote virtual drive.

Get rid of Peta ransomware and delete the hosts file to recover from the infection

While most of the ransomware delete themselves as soon as they perform the encryption process on the host computer, Peta virus might leave malicious modules that keep stealing sensitive data and encrypt all the incoming files. Therefore, it is vital to make sure that a full Peta removal is performed. For that, use powerful anti-malware software to scan your computer thoroughly. If the malware is tampering with your security application, access Safe Mode with Networking – the secure environment will temporarily disable the function of the virus.

Once you remove Peta ransomware, you need to perform the following tasks:

  • Change the passwords of all accounts (make them relatively long and use symbols and capital letters)
  • Check your bank account and make sure no unauthorized transactions were performed; if yes – contact your bank immediately;
  • Go to the following location on your computer: C:\Windows\System32\drivers\etc. Delete the “hosts” file using admin permissions.

Peta ransomware modifies hosts file

Finally, you can attempt to recover .peta locked files. While STOPDecrypter will not work, you can ask Dr.Web for help, employ third-party software, or using Windows Previous Versions feature.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.