Pump ransomware – malicious program created to extort money from companies

Pump ransomware is a cryptovirus that encrypts non-system files on a targeted computer and then demands some sort of a ransom for a decryption tool. This computer virus also steals some of the data by downloading it from host computers to secret servers. This helps the cybercriminals to blackmail their targets in a double-extortion scheme.
Once Pump virus gets access to a computer system it scans for recently or most used files and downloads them. Then, it encrypts all personal files and renames them by appending a .pump extension. Encrypted files are rendered useless, inaccessible.
Following a successful file lockage, .pump file virus generates ransom notes, titled README.txt, and places them in all folders with encrypted files so that they could be found easily. In the note (which is exceptionally short), cybercriminals tell victims what happened to their data, and that they need to write an email to idfgiughderighu@tutanota.com.
| name | Pump ransomware, .pump ransomware virus |
|---|---|
| type | Ransomware |
| Ransom note | README.txt |
| appended file extension | Non-system files are renamed by appending .pump extension to all of them |
| Additional info | Cybercriminals state that they have stolen a lot of data during the cyberattack |
| Criminal contact details | One email is provided to establish contact with the hackers – idfgiughderighu@tutanota.com |
| Ransomware removal | All malware, including the culprit of this article, should be eliminated with the help of trustworthy anti-malware software |
| System health | System repair tool like the FortectIntego app should be used to check for any system irregularities that the cryptovirus might have caused while it was operational |
The ransom note of Pump ransomware is very short and uninformative, unlike other malware like Nobu, Zybvqxefmh, Hmmmmm, which have long and instructive messages. This ransom note contains a statement that the network was breached and all data is encrypted. Also, some of it was stolen.
Creators of Pump virus provide one email to establish contact with them and appoint a very complex user ID that contains alphanumeric characters. And that's it, no more info, nothing about the ransom size or preferred payment method, no threats or free decryption guarantee.
As always, we strongly advise against contacting criminals, as the action carries a lot of risk of losing the money. Whenever hackers get paid, they get motivated to expand their attacks and research new, more efficient malware distribution techniques. Victims should focus on Pump ransomware removal instead of paying the ransom. While there is no guaranteed way to recover data, there are alternative solutions that might just help some victims.

Remove Pump ransomware with time-tested antimalware software like SpyHunterCombo Cleaner or MalwarebytesMalwarebytes to make sure that the cryptovirus and all its elements are deleted properly. Keeping a reliable anti-virus is a must these days, so update its database frequently and it could save you from perils like this in the future.
Malware usually makes alterations to the system registry and other system settings. Experts[1] suggest using a system repair tool right after ransomware elimination to perform a full system scan and fix any irregularities that might have happened. A powerful system tune-up tool like FortectIntego should do the trick.
Message in the generated ransom note from .pump file virus states:
YOUR NETWORK HAS BEEN HACKED AND ALL DATA IS ENCRYPTED
Also a lot of sensitive data has been downloaded from your network
>>>>>>>>>>>>>idfgiughderighu@tutanota.com<;<<<<<<<<<<<<
–
Distribution techniques used by hackers to infect computers with ransomware
In this day and age, there are various types of malware spread out throughout the internet. From annoying adware[2] to cryptocurrency extorting ransomware, threats are lurking everywhere in wait for unaware users to download it. In this paragraph, we're going to talk about two of the most common ways used by cybercriminals to infect everyday computer users' devices – spam emails and file-sharing platforms.
Spam emails are sent out in tens of thousands during so-called spam campaigns. Research shows[3] that almost 250 million phishing emails have been sent out in 2017 alone. Computer users must watch out for these emails. The best way to spot them is by reading throughout them, looking for any grammatical mistakes or any other visible irregularities. Never open any hyperlinks, they might lead to malicious sites. And never download any email attachments without scanning them first with a dependable anti-malware application.
File-sharing platforms like The Pirate Bay, eMule, BitTorrent and others, are a beloved ransomware hiding spot due to the fact that the cybercriminals can upload their viruses and name them whatever they think will lure the eye of soon to be victims. Usually, malware is camouflaged as game cracks, unlocked (pirated) licensed software, game cheat codes, and so on. Refrain from using such platforms. Support your beloved software creators by purchasing their products either directly from them or from their official distributors.

Tutorial for Pump ransomware removal and system tweaking
Dealing with the creators of ransomware might leave the victims in a lose-lose situation, where not only their data but their hard-earned money is gone too. So we recommend victims remove Pump ransomware from infected computers as soon as possible.
Manual Pump ransomware removal is possible but it could take a lot of time and be a bit too hard for inexperienced computer users, so we suggest entrusting this dirty work to reliable anti-malware software like SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. Either of those apps should be able to eliminate the cryptovirus automatically and protect from such instances in the future.
Once the devices are free from Pump virus, users should consider performing a full system scan with a system tune-up tool like the FortectIntego to locate and restore any changes the file locking parasite might have done to system core settings.
Was this guide helpful?
Be the first to comment