Recently we came face to face with the latest ransomware, dubbed “Petya”. Petya often arrives via a normal Dropbox download link: once you download the .exe file onto your system and run it, it is the beginning of a probable disaster.

The .exe file was run on our sandboxed desktop (Dell) and it led to the Windows blue screen (failure), a reboot and a disk repair screen. After a while, an awful red screen shows a message explaining that your hard disk has been encrypted (military encryption algorithms…) and that you must pay a ransom to the author to decrypt the HDD.

[Image: Petya ransomware warning screen]

Here we share our solution to repair the corrupted HDD.

Steps:

Step 1: Attempt to repair the MBR (Master Boot Record)

  • Reboot PC
  • Insert Bootable Win DVD (7,8,Server…)
  • Choose to boot from the DVD
  • Choose Repair Computer Option
  • Launch Command Prompt (Ms Dos)
  • Type these commands in order:
    1. bootrec /fixmbr
    2. bootrec /fixboot
    3. bootrec /rebuildbcd

 

Normally, the system shows the number of Windows installations. If it is “1”, then your Windows will boot as usual and you can proceed to clean your system in safe mode.

But if the number of Windows installations is “0”, then your HDD is corrupted and the file system has been changed (the system cannot see the existing files).

Step 2: Windows Partition Recovery

If you are lucky and you made a backup of your Windows partition, then you are saved.

Choose Partition Recovery from the bootable Win DVD and proceed as follows


 

If you are in the second case and you did not make a Windows backup, remove the HDD from the infected computer and hot-plug it into another computer.

Step 3: Data Recovery

  • Open the Disk Management tool and choose to analyse the disks from the Actions menu
  • The corrupted disk will appear as a RAW file system
  • Install a good partition recovery tool (TestDisk, icare…) and recover your partition; if it does give any thing useful you:

You can attempt to recover the boot information and restore it to the corrupted HDD, but we have not tried this yet.

To prevent this pain, from now on you must think twice before opening any .exe file. Protecting your computer with an anti-virus does not prevent 0-day vulnerabilities.
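Before any recovery tool writes to the disk, it helps to know what state sector 0 (the MBR from Step 1) is in. The script below is an added example, not part of the original post: it parses the 512-byte first sector and reports whether the boot signature and partition table are still usable. The function names and the sample sectors are constructed for illustration, and it assumes you pass it the first 512 bytes of a raw image of the disk.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR
TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
         0x0F: "Extended (LBA)", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Report whether sector 0 still holds a usable MBR partition table."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need the full 512-byte first sector")
    partitions, suspicious = [], []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, length
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if entry == bytes(16):
            continue                      # unused slot
        if status not in (0x00, 0x80) or ptype == 0 or count == 0:
            suspicious.append(i)          # not a well-formed entry
            continue
        partitions.append({"slot": i, "bootable": status == 0x80,
                           "type": TYPES.get(ptype, hex(ptype)),
                           "lba_start": lba_start, "sectors": count})
    signature_ok = sector[510:512] == BOOT_SIGNATURE
    if not signature_ok:
        verdict = "no boot signature"
    elif suspicious:
        verdict = "partition table damaged"
    elif not partitions:
        verdict = "partition table empty"
    else:
        verdict = "partition table intact"
    return {"signature_ok": signature_ok, "partitions": partitions,
            "suspicious_slots": suspicious, "verdict": verdict}


def sample_mbr() -> bytes:
    """Constructed sample: one bootable NTFS partition at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bytes(TABLE_OFFSET) + entry + bytes(48) + BOOT_SIGNATURE


if __name__ == "__main__":
    print(parse_mbr(sample_mbr()))   # constructed healthy sector
    print(parse_mbr(bytes(512)))     # constructed all-zero (wiped) sector
```

An "intact" verdict only covers the partition table; the file system inside the partition can still be unreadable, which is why the disk may show as RAW even after the MBR is repaired.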
