April 12, 2016
If your PC is infected by Petya ransomware, the solution to getting your computer back no longer means shelling out your hard earned dollars to cyber-criminals.
Security experts have come up with a way to recover data from computers infected with Petya, a ransomeware that overwrites a hard disk drive’s master boot record (MBR), replacing it with code that encrypts the master file table (MFT) and shows a ransom note. The move makes it impossible for computers to boot up.
Leostone’s website enables victims to generate the necessary key to unlock their computers, but they must first provide data from the infected drive.
For those who are unsure of how to access the necessary data, Lawrence Abrams from bleepingcomputer.com offers some easy-to-follow directions.
He suggests using a tool created by Emsisoft security expert Fabian Wosar to extract the necessary data.
“In order to use this tool, you need to take the encrypted drive from the affected computer and attach it to a Windows computer that is working properly,” Abrams writes. “If your infected computer has multiple drives, you should only remove the drive that is the boot drive, or C:\ drive, for your computer. For those who may find it difficult to remove a hard drive from one computer and attach it to another, you can purchase a USB hard drive docking station…Simply insert the encrypted drive into the docking station and then attach it via the USB cable to a working computer.”
The step-by-step instructions can be read in his blog post here.
The tool is free to use, but there is a donate button for users to show their appreciation.
Jennifer Cowan is the Managing Editor for SiteProNews.