A Simple Guide To Removing Petya Ransomware

Updated on

A simple antidote has been found to stop the Petya Ransomware, which has been shutting down computers worldwide since Tuesday. Though not a kill switch, the “vaccine” could prevent companies from falling victim to the attack, which has affected organizations as large as the National Bank of Ukraine, advertising giant WPP, and US law firm DLA Piper. If you have the “infection” we have a brief guide on how to Remove Petya Ransomware.

Creating an extensionless file called perfc in your C:Windows folder and making it “read-only” seems to protect computers from this ransomware. Amit Serper, the Boston security researcher responsible for this discovery, has already warned that this is just a “temporary fix” and not a tool to stop the problem completely.

When Petya infects a machine, it searches for a file called perfc in your C:Windows folder. If it can’t find the file, the ransomware takes hold of your computer, locking files and part of the hard drive. On the other hand, if the file is found, the ransomware will become ineffective.

This discovery has been termed a “vaccine” as opposed to a killswitch, because each user must independently and manually create the perfc file. Since this workaround has gone public, security experts suspect that the Petya operators will soon modify the malware to negate this defence.

Until that happens, let’s take a detailed look at how this ransomware can be rendered ineffective.

How to Enable the Vaccine for Petya:

Note: You must first configure your computer to show file extensions. Make sure the Folder Options setting for Hide extensions for known file types option is unchecked under the View tab of the Folder Options dialog box, and save these settings.


  1. Access “C:” in your computer
  2. Open the “Windows” folder
  3. You’ll find a notepad file in it named “notepad”
  4. Copy & Paste the file in the same location
  5. Now, rename the file to perfc.
  6. Make the perfc file “read-only,” by right-clicking on it, selecting Properties, and checking the Read-only checkbox and then clicking Apply and then OK.

Follow the steps

How to remove Petya ransomware if you’ve been infected already?

The Petya ransomware generally waits about an hour before rebooting the machine and locking or encrypting your files. So when this reboot happens, if possible, you should switch off the computer to prevent your files from being encrypted.

If you fail, and the system reboots with the ransom note, don’t pay the ransom. As with all cases of ransomware attacks, the chances of you getting the decryption key for unlocking your files are very, very slim. Instead, you should disconnect your PC from the internet, reformat the hard drive and reinstall your files from a backup.

Protecting yourself from Ransomware:  

If you want to stay protected from ransomware attacks, be they Petya, WannaCry, or anything else, you need to install an endpoint security solution on your computer. With an endpoint security solution to protect your PC, as Comodo CEO Melih Abdulhahyoglu has pointed out, “No Petya….No WannaCry…..No Ransomware…” will affect you. He also goes on to give further stats about his security products saying, “Zero Infection on over 85 Million Endpoints…All Comodo customers were protected from Petya, WannaCry ransomware…Not a single infection.” This is indeed good news for those who wish to install an endpoint security solution.

Did you like this How To Remove Petya Ransomware guide? Please share with your friends using the buttons below.

Leave a Comment