Puld Ransomware Is Another Nuisance From the MedusaLocker Family
A New Menace Emerges
There's a strain of ransomware known as Puld. This malicious software is part of the MedusaLocker ransomware family—a well-known group of ransomware programs infamous for data encryption and extortion tactics.
Puld ransomware operates by infiltrating systems, encrypting files, and adding a new extension—".Puld39"—to each locked file. For instance, a file named "document.pdf" would become "document.pdf.Puld39" after infection. Victims soon find a ransom note titled "How_to_back_files.html" left behind, detailing the attacker's demands and threats.
What Puld Ransomware Does
Puld's ransom note reveals that it doesn't just encrypt data—it also steals it. The message informs victims that their network has been compromised and sensitive business information, such as employee records and customer databases, has been exfiltrated. The attackers use this stolen data as leverage, threatening to leak it if users do not meet their demands.
The note sets a strict countdown: if no contact is made within 24 hours, the criminals threaten to delete 24 encrypted files every day that follows. Victims are allowed to send two small files (under 2MB) as a "test decryption," but full recovery is promised only upon payment—typically demanded in cryptocurrency.
Here's what the ransom note says:
YOUR PERSONAL ID:
-/!\ COMPANY NETWORK HAS BEEN PENETRATED /!\
Your files, documents, databases and all the rest aren't REMOVED. They are ciphered by the most reliable enciphering. It is impossible to restore files without our help. You will try to restore files independent you will lose files FOREVER.You will be able to restore files so:
1. to contact us by e-mail: files851@2mail.co
* report your ID and we will switch off any removal of files
(if don't report your ID identifier, then each 24 hours will be
to be removed on 24 files. If report to ID-we will switch off it)* you send your ID identifier and 2 files, up to 2 MB in size everyone.
We decipher them, as proof of a possibility of interpretation.
also you receive the instruction where and how many it is necessary to pay.1.1
We recommend that you contact us via TOX. (Emails may not be received)
To do this:
1. Download TOX at hxxps://tox.chat/download.html
2. Sign up (takes 1 minute)
3. Add a contact.Our TOX contact - F2C2DE6BB83CA53450614CE5EFB787DA6E893BE89D4B12F959F7CAB47CED5E502983B374B492
2. you pay and confirm payment.
3. after payment you receive the DECODER program. which you restore ALL YOUR FILES.
----------------------------------------------------------
We downloaded your databases, data of your employees, your customers, etc.
If you and I do not agree, your data will be made public!
We'll give access to other hackers.
We will publicize the media. So attention is provided to you.
But I think we'll make a deal.Contact us for price and get decryption software.
email:
files851@2mail.co
TOX:
F2C2DE6BB83CA53450614CE5EFB787DA6E893BE89D4B12F959F7CAB47CED5E502983B374B492
If you are not answered within 48 hours. You will need to contact us through additional contacts.
Additional email - files89101@protonmail.com
The Nature of Ransomware
Ransomware like Puld is designed to cripple victims by encrypting critical files and requiring a ransom for their release. These programs often use strong encryption algorithms, making it virtually impossible to decrypt the data without the attacker's private keys.
Puld, like its ransomware relatives (ZV, SafeLocker, 9062, and others), targets both individuals and organizations. The ransom amount varies widely—small for home users but potentially devastatingly high for large companies and institutions. Despite the pressure to pay, security experts consistently warn against it. Not only is there no guarantee that the attackers will provide the decryption key, but paying them directly funds and encourages future criminal activity.
How Puld Infects Systems
The primary method for spreading ransomware remains unchanged: phishing and social engineering. Victims are often tricked into downloading infected files disguised as legitimate documents or software. These files may come through spam emails, direct messages, or shady download sites.
Puld can also enter systems via backdoor trojans, pirated software, fake updates, or bundled applications downloaded from unreliable sources. In some cases, ransomware can self-propagate through network connections or removable storage devices like USB drives.
Removing Puld and Recovering Data
Eliminating Puld ransomware from a system is essential to prevent further damage, but removing the malware does not decrypt affected files. Unless the ransomware has a critical flaw (which is rare), the only realistic way to recover encrypted files is through a clean backup created before the infection and stored on an external or offline device.
Attempting to pay the ransom is discouraged. Even if you meet all the criminals' conditions, there's no guarantee they'll deliver on their promise. Instead, victims should focus on removing the infection completely, isolating affected systems, and restoring safe data backups.
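To scope the damage before restoring, a responder can inventory an isolated copy of the affected volume using the two indicators named above (the ".Puld39" extension and the "How_to_back_files.html" note) and check each original file name against the backup. The following is an added example, not part of the original article or any vendor tool; the function names, the sample tree and the assumption that the backup mirrors the share's directory layout are all illustrative.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".Puld39"            # extension reported in this article
RANSOM_NOTE = "How_to_back_files.html"  # note file name reported in this article


def triage(root, backup_root):
    """Classify files under `root` by the article's two indicators.

    Returns relative paths of ransom notes, plus the original names of
    encrypted files split by whether a copy exists under `backup_root`
    (assumed to mirror the directory layout of `root`).
    """
    root, backup_root = Path(root), Path(backup_root)
    report = {"notes": [], "restorable": [], "unrecoverable": []}
    suffix = ENCRYPTED_SUFFIX.lower()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root)
            if name.lower() == RANSOM_NOTE.lower():
                report["notes"].append(rel.as_posix())
            elif name.lower().endswith(suffix) and len(name) > len(suffix):
                # "document.pdf.Puld39" -> "document.pdf"
                original = rel.with_name(name[: -len(suffix)])
                found = (backup_root / original).is_file()
                bucket = "restorable" if found else "unrecoverable"
                report[bucket].append(original.as_posix())
    for key in report:
        report[key].sort()
    return report


def build_sample(base):
    """Constructed sample tree: an affected share and an offline backup."""
    share, backup = Path(base) / "share", Path(base) / "backup"
    for p in ("docs/document.pdf.Puld39", "docs/new_report.xlsx.Puld39",
              "docs/How_to_back_files.html", "notes.txt"):
        (share / p).parent.mkdir(parents=True, exist_ok=True)
        (share / p).write_bytes(b"constructed sample")
    (backup / "docs").mkdir(parents=True)
    (backup / "docs/document.pdf").write_bytes(b"clean copy")
    return share, backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(*build_sample(tmp)))
```

The scan only reads directory listings, so it can be pointed at a read-only mount of a forensic image rather than the live host.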
Preventing Future Infections
Proactive cybersecurity measures are crucial to defending against ransomware like Puld. Start by maintaining regular backups stored in multiple, isolated locations, such as external hard drives and cloud services unconnected from daily operations.
Next, practice safe browsing and email habits. Don't open attachments or click links from unfamiliar or suspicious sources. Download software solely from official websites and avoid pirated or cracked tools, as these are common malware carriers.
Also, ensure that all systems and software are updated regularly using official channels. Vulnerabilities in outdated software are prime targets for ransomware distribution.
Final Thoughts
Puld ransomware is yet another example of how sophisticated and damaging modern ransomware has become. With its roots in the MedusaLocker family, it continues the pattern of encryption, extortion, and exploitation. By understanding how it operates and taking preventive steps, users and organizations can better protect themselves from becoming the next victim of these ever-evolving digital threats.








