Remove Peta File Virus Ransomware ( STOP ransomware)

How to Remove Peta Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:


Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:

Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e- mail:

Reserve e-mail address to contact us:
Our Telegram account:

Your personal ID:

is yet another variant of the notorious STOP (DJVU) ransomware. The dreaded threat invades your system, then strikes. It encrypts your data, and extorts you for its release. The infection targets everything, you keep on your computer. The cyber plague adds the ‘peta‘ extension, at the end of each file. If you have a photo with the name ‘sunset.jpg,’ it turns into ‘sunset.jpg.peta.‘ Once the extension is in place, you can no longer access your files. Moving or renaming them, is futile. The ransomware gives you only one way out, and that’s compliance. Documents, archives, music, videos, pictures. Nothing escapes its clutches. It uses a special encryption algorithm to lock it all. Then, leaves you a ‘_readme.txt‘ file on your Desktop. It contains an explanation of what unfolded. And, instructions on what you’re expected to do. If you wish to free your files, you have to pay a ransom. The extortionists demand “$980.” To sweeten the deal, they offer a “50% discount.” That is, if you pay within the “first 72 hours,” the “price for you is $490.” Supposedly, if you pay up, you’ll get a key and unlock your files. Once payment is complete, the cyber kidnappers promise to send you the unique key you need. They claim, that when you apply it, you’ll decrypt your data. You need to ask yourself the following. Can you trust the words of unknown cyber criminals?

How did I get infected with?

The Peta threat turns to all manner of trickery to invade. The old but gold methods come in rather handy, when it comes to infiltration. The infection often lurks behind corrupted sites, links or torrents. Or, pretends to be a bogus system or program update. Like, Adobe Flash Player or Java. It can, of course, use freeware, as well. But, approve all, it uses spam emails. You get an email that appears to come from a legitimate source. Like, a well-known company. PayPal, DHL, Amazon. You open it, and it urges you to click a link, or download an attachment. If you do as it requests, you’ll regret it. You’ll end up with a menace, like Peta. Infections, like it, prey on your carelessness. They rely on you to throw caution to the wind. And, skip doing due diligence. Don’t oblige. Don’t ease their invasion. Always make sure to be thorough. Take the time to read terms and conditions, look for the fine print. And, never discard the importance of vigilance. Even a little extra attention goes a long way.

Remove Peta

Why is Peta dangerous?

Ransomware threats, like Peta, prey on your fear. They rely on it. They try to frighten you into submission. That’s why, the ransom note you get stuck with, gives you such an ultimatum. To pay up, or lose all your data. The infection tries to scare you into payment. Don’t oblige. Don’t give into gullibility, and act against your best interests. Throwing money at the problem, won’t make it go away. Think about your options here. You can pay the requested ransom. But then what? You wait to see if the extortionists follow through on their promises. And, that seems quite unlikely. They can choose not to send you a decryption key, at all. Or, send you one that doesn’t work. And, even if you get the right one, you’re not in the clear. Yes, you may end up removing the encryption. But for how long? After all, the ransomware menace remains. By paying the price, you pay to receive a decryption key. Not to remove the cyber threat. So, it still lurks somewhere on your PC, ready to strike again. It could be a minute after you apply the key, an hour, a week. Payment proves futile. Don’t pay the ransom. Don’t comply with the infection’s demands. It may seem a tough decision to make, but it’s the right one. Don’t place your faith in the promises of extortionist cyber criminals. Put your trust in backups and cloud services.

Peta Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Peta Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.


  • Locate any suspicious processes associated with Peta encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Peta encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment