Putty Ransomware Remove and Restore Files - How to, Technology and PC Security Forum | SensorsTechForum.com

Putty Ransomware Remove and Restore Files

Article created to help remove Putty ransomware virus from your computer and restore the files encrypted by it via AES algorithm.

A ransomware virus named the same way as the notorious network connection management tool PuTTy has appeared in the wild. The virus uses Advanced Encryption standard to encode the important files on the computers it infects. After this, the Putty ransomware may request from victims to pay a hefty ransom fee to decrypt files encrypted by the virus. The Putty ransomware may be spread on a global scale, so if your system has been infected by it, we advise you to read the following material.

Threat Summary


Putty Virus

Short DescriptionThe malware encrypts users files using a strong encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.
SymptomsThe user may witness ransom notes and “instructions”, linking to contacting the cyber-criminals.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by Putty Virus


Malware Removal Tool

User ExperienceJoin our forum to Discuss Putty Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Putty Ransomware – How Does It Infect

The infection process of Putty begins with it’s methods of distribution. The virus has a payload file which is named CamSnap.exe. This file can be identified with the following SHA256:

  • 07ba533a694e1733f8ef1c18ac191867382f4ca7a51244cda6ef5ec119fbfe53
  • wfdb8c7c1fa5b44419ae43679be83782f46cb40b422805c86c7cc4ffe72454f6f

Both the CamSnap files are uploaded in VirusTotal, but only one of them has a high detection rate:

This executable (CamSnap) may imitate the installer of a program aiming to make it easier how one takes pictures with his web camera, according to the publisher’s description:

Image Source: Cnet

This points out to this ransomware being distributed via fake installers of programs. These installers may be uploaded on Torrent websites as well as sites that offer free software.

Putty Virus – More Information

After the malicious executable is opened, the Putty virus may run an obfuscated script which may inject code into legitimate Windows processes, such as rundll32.exe and svchost.exe. Then, more malicious files may be dropped onto the user’s computer. The files may be located in the following Windows directories:

  • %AppData%
  • %Roaming%
  • %Local%
  • %SystemDrive%
  • %Windows%

Then, the Putty virus may execute the vssadmin command used to delete shadow volume copies from the infected computer.

After this command has been initiated, the Putty virus may also take advantage of the Windows Registry editor by modifying different Windows Registry sub-keys within it. The usually targeted of those are the following:

→ HKEY_CURRENT_USER\Control Panel\Desktop\
HKEY_USERS\.DEFAULT\Control Panel\Desktop\

Putty Ransomware – Encryption Process
As soon as Putty ransomware begins the encryption process, the virus is pre-configured to target files of the following file types:

  • Microsoft Office documents.
  • PDF documents.
  • Videos.
  • Archive files.
  • Audio files.
  • Images.
  • OpenOffice documents.

In addition to this, the ransomware infection also begins to employ the AES (Advanced Encryption Standard) algorithm on the files, making them no longer openable. After the encryption process is complete, Putty ransomware may drop a ransom note type of file on the computer of the victim asking for a hefty payoff to be made to get the encrypted files back.

Remove Putty Ransomware and Restore Files Encrypted by It

For the removal of this virus, we recommend you to follow the removal instructions in this article below. They will help you fully get rid of Putty ransomware’s malicious files. In case you are having difficulties in manually removing this virus, experts advise using an advanced anti-malware program as the best tool for the job, because it will automatically get rid of all malicious objects and protect the system in the future.

In case your system’s files have been encrypted by Putty ransomware, recommendations are to focus on restoring them using the alternative methods in step “2. Restore files encrypted by Putty Virus” below. But, bear in mind that some these methods tamper with the files and you should backup the encrypted data before trying to mess with it.

Manually delete Putty Virus from your computer

Note! Substantial notification about the Putty Virus threat: Manual removal of Putty Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Putty Virus files and objects
2.Find malicious files created by Putty Virus on your PC

Automatically remove Putty Virus by downloading an advanced anti-malware program

1. Remove Putty Virus with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by Putty Virus
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.