Petya+ Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 395
Category: Trojans

A new ransomware-type infection Petya+ Ransomware has been spotted. It shares similarities with the well-known ransomware infection Petya Ransomware, but it is definitely not as harmful as this popular threat. It does not even encrypt files, as research conducted by experts at has shown. You might wonder why it has been classified as ransomware if it does not lock files. The answer to this question is easy – it still demands money from users. Unlike other ransomware-type infections, it opens three different windows to scare users into giving cyber criminals their money. The last window is a ransom note that tells users about the encryption of hard disks and how files can be unlocked. As you already know, Petya+ Ransomware does not lock files at the time of writing, so there is no need to pay a ransom to cyber crooks too. Of course, it is still a must to delete the ransomware infection from the system in this case. Frankly speaking, we would not let you pay a ransom to malware developers even if you told us that you found almost all your files locked because we know better than others that cyber criminals do not always do what they say. That is, they might not give you the promised decryption tool even if they received your money.

Petya+ Ransomware differs from other ransomware infections in a sense that it opens three windows on users’ screens. The first one is the black Check Disk window claiming that one of the disks contains errors that need to be repaired ASAP. It is opened on the screen of the compromised machine right after the malicious file of this infection is launched. When the “disk repair” is finished, the black window disappears leaving the place for a red window with an ASCII skull. It contains only three words “PRESS ANY KEY!” at the bottom. If a user presses any key on a keyboard, a ransom note appears on the screen. Its first sentence lets users know that there is a ransomware infection on their PCs: “You became a victim of the PETYA RANSOMWARE!.” Then, they are told that their hard disks together with personal files “have been encrypted with an military grade encryption algorithm.” Although this threat does not encrypt files, it still demands a ransom. Users are told that they can restore their data with a special key only. Cyber criminals are the ones who have it, but they are “very kind” and allow users to purchase it from them. Users have to follow three steps if they wish to get a decryptor: 1) download the TOR browser, 2) visit any of the provided URLs, 3) enter the personal decryption code. Then, they have to make a payment. The price of the key is unknown, but you are not allowed to purchase it even if it is not at all expensive because you simply do not need it – your all files are intact. Close the ransom note opened on your Desktop by pressing Alt+F4 simultaneously and see for yourself that nothing bad has happened to your files.

Specialists at have revealed that Petya+ Ransomware is only an imitation of a well-known ransomware infection Petya Ransomware. Despite the fact that they are different threats, they are distributed similarly. Petya+ Ransomware is also mainly spread as an attachment in spam emails. It is not so easy to recognize these malicious attachments, so it is not surprising that users open them and get infected with Petya+ Ransomware. Although users often contribute to the entrance of malware on their PCs without realizing that, other active malicious applications might help them to enter systems too. In the case of ransomware infections, they might be dropped on users’ PCs by Trojans. If you do not want to discover your files encrypted again, acquire and enable a security application on your computer – it is the one that can help you to ensure the system’s protection without putting much effort into this.

Delete Petya+ Ransomware without consideration if you have already discovered it on your PC. Do not even consider paying a ransom to cyber criminals because your files are fine! Below-provided removal instructions should help you to fully delete this threat, but you can, of course, erase it automatically too if you do not find the manual method very easy.

Petya+ Ransomware removal guide

  1. Press Alt+F4 and close the window opened by Petya+ Ransomware.
  2. Launch Explorer (tap Win+E).
  3. Check two places where suspicious files downloaded from the web are usually hiding: %USERPROFILE%\Desktop and %USERPROFILE%\Downloads.
  4. Delete malicious files you find and go to empty the Recycle bin.
Download Remover for Petya+ Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Petya+ Ransomware Screenshots:

Petya+ Ransomware
Petya+ Ransomware
Petya+ Ransomware


Your email address will not be published.


Enter the numbers in the box to the right *