What is Pulpy ransomware? And how does it execute its attack?
Pulpy ransomware is another file-encrypting virus designed to leave important files inaccessible after its attack. Like previous versions of this ransomware threat, it uses both the AES-256 and RSA-2048 encryption algorithms to encrypt files. After it infects a computer, it begins its attack by using an information-gathering module to collect information about the infected machine and its user. It then connects to a remote server controlled by the attackers and sends the harvested information. After that, the attackers drop new malicious files that help the crypto-virus remain undetected and keep programs installed on the computer from interfering with the attack. After these changes, it scans the entire drive of the machine in search of files with specific file types, which may be:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip
Once the targeted files are found, the encryption process begins. As mentioned, this crypto-virus applies the AES and RSA ciphers to lock files. After it succeeds in encrypting data, it appends the .AES extension to every encrypted file, an indication that the file was encrypted by Pulpy ransomware. Following data encryption, it drops a file named “Instruction.txt” containing the following short text:
“Hello all of your files are encrypted, the decryption of all your file please contact us at email: [email protected]”
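A read-only triage sweep for the two on-disk indicators described above (the appended .AES extension and the Instruction.txt note), added here as an example and not code from the original article. The function names, the shortened extension subset and the sample tree are assumptions constructed for the demonstration.

```python
import tempfile
from pathlib import Path

# Indicators stated in the article; TARGETED is a shortened subset of its list.
ENCRYPTED_EXT = ".aes"
NOTE_NAME = "instruction.txt"
NOTE_PHRASE = "all of your files are encrypted"
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".sql", ".zip"}


def looks_like_note(path):
    """A file merely named Instruction.txt is not enough; check the first 4 KiB."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return NOTE_PHRASE in fh.read(4096).lower()
    except OSError:
        return False  # unreadable: report nothing rather than guess


def sweep(root):
    """Read-only walk of root; returns (encrypted, notes) as sorted relative paths."""
    encrypted, notes = [], []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        suffixes = [s.lower() for s in path.suffixes[-2:]]
        rel = path.relative_to(root).as_posix()
        # Heuristic: report.docx.AES is the appended extension over a targeted one.
        if len(suffixes) == 2 and suffixes[1] == ENCRYPTED_EXT and suffixes[0] in TARGETED:
            encrypted.append(rel)
        elif path.name.lower() == NOTE_NAME and looks_like_note(path):
            notes.append(rel)
    return sorted(encrypted), sorted(notes)


def demo():
    """Run sweep() on a constructed tree: two indicators plus two benign look-alikes."""
    samples = {"docs/report.docx.AES": "", "tools/backup.aes": "",
               "docs/Instruction.txt": "Hello all of your files are encrypted, ...",
               "tools/Instruction.txt": "Install steps for the printer driver."}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text, encoding="utf-8")
        return sweep(tmp)


if __name__ == "__main__":
    print(demo())
```

Other encryption tools also produce `.aes` files, so treat a hit as a lead to confirm against the note and file timestamps rather than as proof.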
How is the malicious payload of Pulpy ransomware disseminated?
This crypto-malware might spread by taking advantage of vulnerable Remote Desktop Protocol (RDP) configurations as well as malicious spam email campaigns. Therefore, you need to steer clear of any suspicious-looking emails in your inbox, no matter how urgent they may seem, as crooks tend to disguise their malware-laden emails to make them look important in order to lure you into opening the email and downloading the attachment. If you see any suspicious emails, do not open them and delete them from your inbox right away. It is also better to keep both your operating system and antivirus programs up to date to strengthen your computer’s security against harmful threats like Pulpy ransomware.
You need to terminate Pulpy ransomware the moment you notice it infiltrating your system. To do so, follow the set of instructions below carefully.
Step 1: Tap Ctrl + Shift + Esc keys to launch the Task Manager.
Step 2: Go to Processes and look for the malicious process of Pulpy ransomware, then right-click on it and select End Process or End Task.
Step 3: Close the Task Manager and open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and click OK or press Enter.
Step 4: Look for dubious programs that might be related to Pulpy ransomware and then uninstall them.
Step 5: Tap Win + E to launch File Explorer.
Step 6: After opening File Explorer, navigate to the following directories below and look for the malicious components of Pulpy ransomware like the text file named Instruction.txt and 1d Ptin.exe then remove them all.
Step 7: Close the File Explorer.
Make sure that you are tech-savvy enough to know exactly how to use and navigate your computer’s Registry before you proceed to the next steps below. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use [product-name]; this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then, by all means, go on to the next steps.
Step 8: Tap Win + R to open Run, then type regedit in the field and tap Enter to pull up Windows Registry.
Step 9: Navigate to the listed paths below and look for the registry keys and sub-keys created by Pulpy ransomware.
- HKEY_CURRENT_USER\Control Panel\Desktop\
- HKEY_USERS\.DEFAULT\Control Panel\Desktop\
Step 10: Delete the registry keys and sub-keys created by Pulpy ransomware.
Step 11: Close the Registry Editor.
Step 12: Empty the contents of Recycle Bin.
Refer to the next advanced steps below to ensure the complete removal of Pulpy ransomware from your system.
Perform a full system scan using [product-code]. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot.
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly; doing so brings up the Advanced Option.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load Safe Mode with Networking.
- Press and hold both the R key and the Windows key.
- If done correctly, the Windows Run Box will show up.
- Type the URL address [product-url] in the Run dialog box and then tap Enter or click OK.
- After that, it will download the program. Wait for the download to finish and then open the launcher to install the program.
- Once the installation process is completed, run [product-code] to perform a full system scan.
- After the scan is completed, click the “Fix, Clean & Optimize Now” button.