.puma Files Virus – How to Remove It

This post explains what the .puma files ransomware virus is, how you can remove this variant of STOP ransomware, and how you can try to recover your encrypted files.

A new version of STOP ransomware has been detected in the wild. The ransomware uses the .puma file extension, which it adds to each file it encrypts. The virus then drops a ransom note to notify users that their files are encrypted and that they should pay a hefty ransom in order to get them back. If your computer has been infected by the .puma files virus, we recommend that you read this article thoroughly.

Threat Summary

Name: .puma Files Virus
Type: Ransomware, Cryptovirus
Short Description: Aims to encrypt the files on your computer and then extort you into paying ransom.
Symptoms: Files are encrypted with the .puma file extension added to their original one. A ransom note, called readme.txt shows up in the folder with encrypted files.
Distribution Method: Spam Emails, Email Attachments, Executable files

.puma Files Virus – Update December 2018

There is a decrypter tool released for .puma, .pumax, and .pumas variants of STOP ransomware. The tool was released thanks to the Proof of Concept by AfshinZlfgh and Michael Gillespie’s finishing touches. You can download it via the .puma, .pumax, .pumas Decryption Tool link. The tool requires a pair of an original file and its encrypted version.

.puma Files Virus – Distribution Methods

The primary distribution method is believed to be e-mail spam. These types of malspam messages are often used to convince the victim to manually download and run the infection file. To convince victims, the crooks often disguise the attachments as completely legitimate types of files, such as:

  • Invoices.
  • Receipts.
  • Order details.
  • Account security reports.
  • Something that is work-related.

In addition to this, the infection file of this ransomware virus may be uploaded to a suspicious third-party website. There, the virus may be disguised as a desirable program for download, such as:

  • Game patch.
  • Crackfix.
  • Online software activator.
  • Key generator.
  • Portable version of a program.

.puma Files Virus – Activity

When the .puma ransomware infects your computer, the virus may immediately drop the payload files that conduct its malicious operations. These types of payload files are created in the commonly used Windows directories:

  • %AppData%
  • %Local%
  • %Temp%
  • %LocalLow%
  • %Roaming%

Among the files dropped by the .puma files virus is the ransom note, named readme.txt. It contains the following message:

==================================!ATTENTION PLEASE!===========================================

Your databases, files, photos, documents and other important files are encrypted and have the extension: .puma
The only method of recovering files is to purchase an decrypt software and unique private key.
After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.
Only we can give you this key and only we can recover your files.
You need to contact us by e-mail [email protected] send us your personal ID and wait for further instructions.
For you to be sure, that we can decrypt your files – you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.
Discount 50% available if you contact us first 72 hours.

===============================================================================================

E-mail address to contact us:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal id:

When the payload of the .puma files virus is dropped on the victim's computer, the ransomware may begin to modify the Windows Registry. This is done by creating multiple registry entries that allow it to run files automatically or disable certain Windows defenses. These can be under the following sub-keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization
HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

These sub-keys may contain entries with data that could lead you to the actual location of the malicious files, belonging to .puma file ransomware.
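
One way to check the Run and RunOnce sub-keys for entries that point into the payload directories listed earlier, as an added example that is not part of the original article. It parses the text output of `reg query <key>`; the sample output, user name, value names and file names are constructed for illustration.

```python
import re

# Run/RunOnce value data pointing into per-user writable locations, which the
# article lists as payload drop directories (AppData, Local, LocalLow, Temp).
USER_WRITABLE = re.compile(
    r"\\AppData\\(Roaming|Local|LocalLow)\\|\\Temp\\|%(AppData|LocalAppData|Temp)%",
    re.IGNORECASE,
)
# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query <key>` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["data"]

def suspicious_autoruns(text):
    """Return autorun values whose command points into a user-writable path."""
    return [(k, n, d) for k, n, d in parse_reg_query(text) if USER_WRITABLE.search(d)]

# Constructed sample output (hypothetical user, value names and file names).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    "C:\Program Files\ExampleVendor\updater.exe" /quiet
    SysHelper    REG_SZ    C:\Users\alice\AppData\Local\Temp\3f2a\example_payload.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Sync Task    REG_EXPAND_SZ    %AppData%\svc\example_host.exe --auto
"""

if __name__ == "__main__":
    for key, name, data in suspicious_autoruns(SAMPLE):
        print(f"REVIEW {key} :: {name} -> {data}")
```

Legitimate per-user software also installs under AppData, so each hit is a lead to verify against the file on disk rather than a verdict.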

In addition to this, the virus may begin to execute malicious scripts that may delete the backups of Windows and disable System Restore. The commands are usually entered as an administrator, which means that .puma Ransomware obtains administrator rights to do so. The commands may be the following and they may be entered in Windows Command Prompt:

sc stop VVS
sc stop wscsvc
sc stop WinDefend
sc stop wuauserv
sc stop BITS
sc stop ERSvc
sc stop WerSvc
cmd.exe /C bcdedit /set {default} recoveryenabled No
cmd.exe /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
"C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet

These stop commands are used to stop critical Windows services, such as Windows Defender, System Recovery and BITS, all of which could obstruct encryption.
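
Detection logic for the commands above, run over process-creation command lines, as an added example that is not part of the original article. The event records and host names are constructed, and the severity rule (recovery tampering plus a service stop on the same host) is an assumption chosen for illustration.

```python
import re
from collections import defaultdict

# Patterns for the commands listed in the article. VSS is an added assumption
# (the Volume Shadow Copy service name); the article itself writes "VVS".
RULES = {
    "service_stop": re.compile(
        r"\bsc(\.exe)?\s+stop\s+(VVS|VSS|wscsvc|WinDefend|wuauserv|BITS|ERSvc|WerSvc)\b", re.I),
    "recovery_disabled": re.compile(
        r"\bbcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no\b", re.I),
    "boot_failures_ignored": re.compile(
        r"\bbcdedit(\.exe)?\s+/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures\b", re.I),
    "shadow_copies_deleted": re.compile(
        r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I),
}
RECOVERY_RULES = {"recovery_disabled", "boot_failures_ignored", "shadow_copies_deleted"}

def match_rules(cmdline):
    """Names of all rules that a single command line triggers."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def triage(events):
    """Map host -> (severity, sorted rule names) for (host, cmdline) events.

    'high' means recovery tampering and a service stop on the same host, the
    combination the article describes; any other hit is 'medium'."""
    seen = defaultdict(set)
    for host, cmdline in events:
        seen[host].update(match_rules(cmdline))
    report = {}
    for host, rules in seen.items():
        if rules:
            combined = rules & RECOVERY_RULES and "service_stop" in rules
            report[host] = ("high" if combined else "medium", sorted(rules))
    return report

# Constructed process-creation records (hypothetical host names).
EVENTS = [
    ("WS-01", "sc stop WinDefend"),
    ("WS-01", "cmd.exe /C bcdedit /set {default} recoveryenabled No"),
    ("WS-01", r'"C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet'),
    ("WS-02", "sc stop BITS"),
    ("WS-03", "sc query WinDefend"),
    ("WS-03", "vssadmin list shadows"),
]

if __name__ == "__main__":
    for host, (severity, rules) in sorted(triage(EVENTS).items()):
        print(host, severity, ", ".join(rules))
```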

.puma Files Virus Encryption Process

To encrypt the files on the compromised computer, the .puma file ransomware may use different types of encryption algorithms. These ciphers often turn out to be either AES or RSA encryption algorithms, but usage of newer and faster ciphers is also possible, like Salsa20, used by GandCrab ransomware.

For the encryption process, the .puma files virus first scans your computer for documents, images, audio and video files and several other commonly used file types. The .puma files virus may detect these files based on their file extensions:

“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”

After the virus detects the files, it may either directly tamper with them or delete the original ones and create encrypted copies of them, containing the .puma file suffix added to the file itself.

Remove .puma File Ransomware and Try Restoring Your Data

If you want to remove this ransomware virus from your computer, we recommend that you back up your files beforehand, because the removal may be risky.

To try to remove the .puma files virus manually, you can follow the instructions we have set up for you below and use them in combination with the information about the virus in this article. If manual removal is not the solution for you, experts often recommend removing ransomware viruses like the .puma file variant automatically with the aid of an advanced anti-malware program. The main idea behind such software is to thoroughly scan your system for any files and objects related to .puma Ransomware and make sure that it is clean of all of them.

If you want to try and restore files, encrypted by the .puma files ransomware, we recommend that you attempt using the file recovery methods we have posted underneath. They come with no guarantee, but with their aid, you may be able to recover at least some of your encrypted files.


To remove .puma Files Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove .puma Files Virus files and objects
2. Find files created by .puma Files Virus on your PC
3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by .puma Files Virus

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having also graduated in Marketing, Ventsislav has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
