Pulpit ransomware – cryptovirus created for money extortion from its victims

Pulpit ransomware is a computer virus is known for its ability to lock all the personal files on a Windows computer and hold them hostage until ransom is paid. Encryption is done by using AES encryption algorithm, which is known to use a symmetric key for locking data.[1] When the files are being encrypted, the virus also renames all data by appending a .pulpit extension, hence the name of the malware (although, originally, it stems from larger malware family known as Hakbit).
When the first part is done, then pulpit ransomware creates ransom notes, titled HOW_TO_DECYPHER_FILES.txt, and drops them in all contaminated folders. Usually, ransom notes are long with instructions, threats, with guarantees of free decryption for at least a couple of files (as seen in Konx, Sss ransomware). But that's not the case with the pulpit virus. Creators of the cryptovirus just tell the victims that their files are safe and then provide two emails (suppforunl@firemail.cc, suppforunl@rape.lol) and an instant messaging service Jabber ID (suppforunl@xmpp.jp). A key identifier is also given so the cybercriminals would know how to identify their victims. And that's it, nothing about ransom amount or the preferred payment method.
| name | Pulpit ransomware, pulpit virus |
|---|---|
| Type | Ransomware, cryptovirus |
| Appended file Extension | .pulpit extension is added to all non-system files |
| Ransom note | HOW_TO_DECYPHER_FILES.txt can be found on all affected folders |
| Criminal contact details | Two emails – suppforunl@firemail.cc, suppforunl@rape.lol, and a Jabber ID suppforunl@xmpp.jp are provided to establish contact |
| Distribution | Spam emails, file-sharing platforms |
| Virus elimination | Users should use trustworthy anti-malware software to get rid of ransomware |
| System fix | After .pulpit virus elimination, victims should take care of the health of their device by using the FortectIntego tool to scan and fix any damage the virus might have caused to the system files |
As tempting as it might be to pay the ransom, get their files back, and leave this nightmare behind them – it's the worst thing that the victims could do. When creators of malware, such as pulpit ransomware, get what they want, they not only get financed to further expand their attacks but also to research new and more sophisticated viruses and more refined distribution methods.
There are many types of malware,[2] from very dangerous trojan horses to the pesky adware, but all of it should be removed immediately before more harm is done to the systems. Manual ransomware removal is a lengthy and difficult process, even for tech-savvy people, so it should be left to the professionals.
We recommend using SpyHunterCombo Cleaner and MalwarebytesMalwarebytes anti-malware software to remove pulpit ransomware from infected computers. These programs have great anti-virus engines and are capable to detect incoming threats so they might save from cyber attacks in the future.

Pulpit virus elimination won't decrypt your files. If you didn't have backups and since there is no decryption tool available to the public you should export all infected files to an offline storage device, and wait for the said tool to be created. If you had backups, then run a full scan with the FortectIntego tool to fix any damage that the virus might have caused to system files and settings, and only then retrieve your data.
The brief message from the creators of pulpit ransomware found on HOW_TO_DECYPHER_FILES.txt:
Your files are safe…
Contact emails: suppforunl@firemail.cc and suppforunl@rape.lol (spare) or jabber suppforunl@xmpp.jp
Key Identifier:
Most common distribution techniques of malware
As we mentioned before, the are different malware types, like adware, worms, ransomware, trojan horses, etc. Their distribution methods differ but still, the most common way to get your device infected is either by spam emails or file-sharing platforms.
Torrent websites and other file-sharing platforms are an ideal place for cybercriminals to spread malware. They can name ransomware files whatever they think will lure unaware computer users. Might be titled as a newly presented game crack (i.e. illegal activation toolkit), or pirated software, or even a list of cheat codes for a game you want to get ahead in. Please refrain from using those kinds of sites.
Another sure way to get malware on your device is by opening hyperlinks in spam emails or downloading their attachments. Cybercriminals will try to trick you into pushing these hyperlinks – stay away from them! Also, never download any email attachments without scanning them first with a reliable up-to-date anti-malware software, because ransomware payload files are often hidden there.

Guidelines for Pulpit ransomware removal and system tune-up
All malware should be dealt with swiftly, and there's only way to deal with it – get rid of it. We recommend using time-proven antimalware apps like SpyHunterCombo Cleaner and MalwarebytesMalwarebytes to remove Pulpit virus automatically with all its allocated files. Do that immediately, because the longer the cryptovirus stays in your device, the more harm it can do.
Once Pulpit ransomware removal is complete don't rush to restore your data from backups. First, you need to take care of the health of your devices and only then you can retrieve your files. Experts[3] suggest using a powerful FortectIntego tool to get your system back on track.
Was this guide helpful?
Be the first to comment