Petya+ Ransomware

Posted: July 12, 2017
Threat Metric
Threat Level: 10/10
Infected PCs 7

Petya+ Ransomware Description

The Petya+ Ransomware is a fake variant of the Petya Ransomware that imitates most of that Trojan's features without locking your files. Although in its current state, the Petya+ Ransomware isn't an immediate danger to any local media, victims should be informed about the potential for updates to this Trojan that could allow it to leverage real, data-blocking attacks, and protect themselves with appropriate backup strategies. Some brands of anti-malware programs also may delete the Petya+ Ransomware automatically, before any of its symptoms occur.

When a Trojan Introduces Itself by the Wrong Name

Many threat actors don't see the need to create pet projects of their own when others have already done the majority of the work in both publicizing and programming a Trojan campaign. On the programming side, this essential laziness makes itself evident with the various clones and derivatives of families like Hidden Tear. However, regarding brand publicity, it's best shown through Trojans like the Petya+ Ransomware, a new threat that malware experts are examining currently.

Unlike the Trojan that inspired its design, the Petya+ Ransomware has no encryption features and can't lock the user's documents or other media. However, in other respects, the Petya+ Ransomware imitates the visuals of the Petya Ransomware's payload, including the below symptoms:

  • The Petya+ Ransomware imitates the CHKDSK screen of the Petya Ransomware, which the older threat uses for concealing the length of its data-enciphering function. This fake Windows screen claims to be repairing the hard disk of unspecified errors in a process that 'may take several hours.'
  • When it finishes displaying the previous message, the Petya+ Ransomware transitions into showing ASCII art of a skull, and, then, a ransom note. This last screen warns that your local files are being held hostage by a military-grade encryption cipher and provides TOR links to its ransom-paying site.

The Petya+ Ransomware's author has put limited effort into imitating any of the other features related to traditional encryption attacks and doesn't provide renaming or extension-appending functions. Accordingly, any users should be able to open and continue using their files without difficulty.

The Cost of Failing to Tell Appearance from Reality in Threatening Software

The look of a Trojan isn't always a reliable clue of how it's trying to attack your PC, which fake variants of families like the Petya+ Ransomware so well demonstrate. Many of the ransom-collecting methods favored by con artists often avoid all of the standard protections, such as refund policies, that come with traditional currencies and transactions. Since the Petya+ Ransomware has no current ability to damage your local files, the only thing paying its ransom accomplishes is rewarding its threat actor for doing almost nothing.

The modes of distribution being abused by the Petya+ Ransomware are still in analysis. For comprehensive protection, malware experts recommend scanning unusual e-mail attachments with appropriate security products, using security features that block drive-by-downloads from corrupted Web addresses, and scheduling rotations of complex, unique passwords. Since this Trojan's attack features are limited, only a few anti-malware solutions are capable of identifying and removing the Petya+ Ransomware accurately currently.

As usual, one con artist can do a great deal of the legwork of publicizing a Trojan, while countless others take advantage of it. For users without backups, there always are problems with assuming a Trojan like the Petya+ Ransomware is honest, with the cost being measured both financially and in their peace of mind.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Petya+ Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware Petya+ Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.