Remove Peet Ransomware Virus (STOP/DJVU)

How to Remove Peet Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
*Redacted for security reasons*
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
gorentos@bitmessage.ch
Reserve e-mail address to contact us:
gorentoshelp@firemail.cc
Our Telegram account:
@datarestore


Peet
is the name of a ransomware threat. It gets it from the extension it attaches, after it strikes. The Peet menace belongs to the notorious STOP/DJVU family of infections. It uses slyness and finesse to slither into your PC. Then, once inside, uses strong encryption algorithms to lock your files. It targets everything you keep on your PC. They all fall victim to the ransomware. Documents, archives, videos, music, photos. They get locked. As stated, the tool appends the ‘.peet‘ extension at the end of each one. Thus, solidifying its grip over them. As an example, if you have a picture called ‘today.jpg,’ it changes to ‘today.jpg.peet.‘ After the extension is in place, your files become inaccessible. To change that, and turn them usable again, you need a key. “A unique decryption key.” The Peet threat makes that clear in the ransom note it leaves you. “The only method of recovering files is to purchase decrypt tool and unique key for you.” To get the key, you have to pay a ransom. “Price of private key and decrypt software is $980.” It even entices you into paying faster by offering a discount. “Discount 50% available if you contact us first 72 hours, that’s price for you is $490.” The note is a text file, called “_readme.txt.” It’s located on your Desktop, a well as in each folder with affected files. Heed experts’ advice, and don’t follow the demands, listed in the note. Don’t contact these people. Don’t pay them. Don’t reach out at all.

How did I get infected with?

The Peet infection uses trickery to invade. It preys on your carelessness. And, resorts to the old but gold methods of infiltration. More often than not, it finds a way in via spam emails. You get an email that appears to come from a reputable company. Like, Amazon or PayPal. A closer look would reveal that to be false. However, if you’re careless, you get fooled. The email tries to convince you to click a link, or download an attachment. And, if yo do, you end up with the Peet ransomware. Do yourself a favor, and don’t give into carelessness. Take the opposite approach, and be extra thorough. Read terms and conditions, look for the fine print. Double-check everything before clicking, or agreeing to it. Even a little extra attention can save you a ton of issues. Caution helps to keep an infection-free PC. Carelessness does not. Make the right choice, and always do your due diligence.

Remove Peet

Why is Peet dangerous?

The ransom note opens with “Don’t worry, you can return all your files!” It aims to prey on your naivety and fear, and get you to pay up. But to pay is not in your best interest. In fact, it’s against it. Let’s examine your options, shall we? What happens if you choose to pay the ransom? Well, you send the money, and wait for the key. The key that the cyber kidnappers promised to send you after the payment. But what if they don’t? After all, nothing binds them to that promise. You have zero guarantees that payment earns you anything but regret. Remember that you’re dealing with data kidnappers, who extort you for money. These are hardly trustworthy individuals. Don’t rely on them to keep their word. They can choose not to send you a key. They can send you one that fails to remove the encryption. These people have a multitude of ways to double-cross you. Don’t let them get away with your money. Don’t waste your resources, time and energy, dealing with them. Compliance is not the way to go. Don’t comply. Don’t pay.

Peet Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Peet Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.

end-malicious-process

  • Locate any suspicious processes associated with Peet encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Peet encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

win-plus-r

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment