Ransomware

Petya

First seen: 2016 • Status: inactive

Petya was ransomware that locked up the computer's entire startup process instead of just individual files.

Overview

Petya is a ransomware family that encrypts the Master Boot Record (MBR) rather than individual files. It was distributed through malicious email attachments.

Also Known As

Petya ransomware, GoldenEye

How It Spreads

  • Phishing emails
  • Malicious Dropbox links
  • Exploit kits

What It Does

  • MBR encryption
  • Full disk encryption
  • Bitcoin ransom demand
  • System boot prevention

Target Platforms

Windows

Detection Tips

  • Monitor for MBR modifications
  • Check for suspicious reboot patterns
  • Analyze email attachments
  • Review disk access activity

MITRE ATT&CK Techniques

T1486, T1561, T1566, T1204

If You're Infected

  1. Do not reboot infected systems
  2. Attempt data recovery before full encryption
  3. Restore MBR from backup
  4. Reinstall operating system if needed

Related Malware

NotPetya, WannaCry, BadRabbit
