What is Cyber_Puffin Ransomware?

Cyber_Puffin ransomware is the name of yet another ransomware strain spotted recently in the wild.

The ransomware does not belong to any larger family of clones built from the same source code. Cyber_Puffin encrypts files on the victim system and leaves them in an unusable state.

The targeted file types are the usual ones: documents, archives, databases and media files will all be scrambled by the malware. Once encrypted, files receive the ".Cyber_Puffin" extension.

When encryption is finished, the Cyber_Puffin ransomware changes the system wallpaper to a photo of an actual puffin bird and deposits its ransom note inside a file called "Cyber_Puffin.txt". The full ransom note goes as follows:

Attention! All your files are encrypted!
To restore your files and access them,
send an SMS with the text C32d4 to the User @lamer112311

You have 1 attempts to enter the code. If this
amount is exceeded, all data will irreversibly deteriorate. Be
careful when entering the code!

Glory to @Cyber_Puffin


The ransom note is almost identical to the Exploit6 ransomware note, except that the Cyber_Puffin note does contain a code string. Of course, negotiating with cybercriminals is never advisable, and the best option to restore your files is always to resort to offline backups.
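
To scope a restore from offline backups, the two artefacts described above (the ".Cyber_Puffin" extension and the "Cyber_Puffin.txt" note) can be enumerated per directory and per original file type. This is an added example, not code from the original article; the function name triage is hypothetical, and it assumes the extension is appended to the original file name.

```python
import os
from collections import Counter

EXT = ".cyber_puffin"      # extension named in the article, matched case-insensitively
NOTE = "cyber_puffin.txt"  # ransom note file name named in the article

def triage(root):
    """Walk root and summarise Cyber_Puffin artefacts for restore planning."""
    notes, encrypted = [], []
    by_dir, by_type = Counter(), Counter()
    # Unreadable directories are skipped instead of aborting the whole scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower == NOTE:
                notes.append(path)
            elif lower.endswith(EXT):
                encrypted.append(path)
                by_dir[dirpath] += 1
                # Assumption: the marker is appended ("report.docx.Cyber_Puffin"),
                # so the extension underneath it is the original file type.
                original = os.path.splitext(name[:-len(EXT)])[1].lower()
                by_type[original or "(unknown)"] += 1
    return {
        "notes": sorted(notes),          # every ransom note location
        "encrypted": sorted(encrypted),  # every file carrying the extension
        "by_dir": dict(by_dir),          # which directories need restoring
        "by_type": dict(by_type),        # which file types were hit
    }

if __name__ == "__main__":
    import json
    import sys
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    print(json.dumps(triage(start), indent=2))
```

The script only reads directory listings, so it can be run against a mounted image or a read-only copy of the affected volume.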

September 26, 2022