Remove Puma Virus Ransomware (+.Puma File Recovery)

How to Remove Puma Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

=================!ATTENTION PLEASE!=================

Your databases, files, photos, documents and other important files are encrypted and have the extension: .puma
The only method of recovering files is to purchase an decrypt software and unique private key.
After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.
Only we can give you this key and only we can recover your files.
You need to contact us by e-mail pumarestore@india.com send us your personal ID and wait for further instructions.
For you to be sure, that we can decrypt your files – you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.
Discount 50% avaliable if you contact us first 72 hours.

===================================================

E-mail address to contact us:
pumarestore@india.com

Reserve e-mail address to contact us:
BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch

Your personal id:
0058qpq3ylnE16aHSgo4Sg0XH3ODhi9ddXBObJMGjZI


Puma is the name of a nasty ransomware threat. The name derives from the file extension you see at the end of each file the tool encrypts. When the process is complete, your data gets locked with the ‘puma’ extension. Let’s explain. Once the Puma ransomware slithers into your PC, it acts up. It uses an encryption algorithm to lock every file you keep on your computer. Music, videos, pictures, documents, archives. Nothing escapes its clutches. Say you have a photo named ‘yes.jpg’. After Puma gets done with it, it becomes ‘yes.jpg.puma’. As stated, once that happens, it’s locked. You can no longer access it. And moving or renaming it does not help. The only way to unlock the file is with a special decryption key.

The ransomware explains all that in the ransom note it leaves behind. It’s called !readme.txt. You can find it on your Desktop, as well as in each folder containing locked files. The note is quite standard. It states the predicament you’re in, and gives you a way out. If you wish to unlock your data, you must pay a ransom. It’s expected in Bitcoin, and ranges in price. It can go anywhere between 500 and 1000 US Dollars, maybe even more. The ransomware even claims that, if you comply within the first 72 hours, you get a discount. Supposedly, you’ll have to pay less for the decryption key. They demand you contact them via email. Once you do so, you’ll receive further instructions.

Do no such thing! Don’t contact them. Don’t send them money. Don’t do any of it. It may seem harsh, but it’s best to accept that your files are lost to you. The fight against ransomware is rigged against you from the start. No matter what, you can’t win. You either lose money, files, or both. Cut your losses, and only lose files.

How did I get infected?

Ransomware tools are quite crafty. They resort to deception and finesse when it comes to infiltrating your system. And not only do they manage to do that, but they do it undetected. They slither into your PC unnoticed. How? Well, as stated, they’re masterful in the art of deception. To invade without getting noticed, they turn to the old but gold methods. They hide behind corrupted links, sites, or torrents. Or they use false system or program updates to conceal their presence. They can also mask themselves by hiding behind freeware. And, of course, spam emails provide an easy way in. These tools attempt to trick you into believing that you got an email from a legitimate source, like Amazon or some other well-known company. The email reads that you must click a certain link, or download a specific attachment. If you take it at face value, and follow through on the demands, you’ll regret it. That’s how tools like Puma sneak in. They prey on your lack of vigilance. Don’t grant it. Don’t rush, or give in to naivety. Always take the time to be extra thorough, and do your due diligence. Choose caution over carelessness. One eases the infiltration of infections. The other helps to keep them out.

Why is Puma dangerous?

You have a few options after Puma strikes. Compliance or not. If you comply, and pay the ransom, the scenario can go a variety of ways. None of them good. Let’s go through them. If you contact them, and pay the ransom, you expect the decryption key, right? Well, what if you don’t get it? What if you pay the money, but they fail to send you a key? That’s a valid option. Or what if they do send one, but it doesn’t work? That’s also a possibility. And, even if you get the proper one, and it works, what then? Think about it. You pay money to receive the means to rid yourself of a symptom, not the infection itself. The encryption is a mere symptom of the ransomware threat. You may free yourself of the encryption, but the infection that caused it remains. It continues to lurk somewhere in the corners of your system. And it’s free to strike once more. It can act up again, and lock your data. It can do it a day after you decrypt your data. Or an hour, a minute, a second. Does that seem like it’s worth the gamble? Don’t waste your money on a lost cause. Accept defeat, and cut your losses. Forsake your files, and move on. Next time, place your faith in backups on external drives.

Puma Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Puma Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Keep in mind that this is usually a randomly generated file name.
  • Before you kill the process, type its name into a text document for later reference.

  • Locate any suspicious processes associated with Puma encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Keep in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Puma encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

  • Then open your explorer, navigate to your %appdata% folder and delete the executable.

You can alternatively use the Windows msconfig program to double check the execution point of the virus. Keep in mind that the names on your machine might be different, as they might be generated randomly. That’s why you should run a professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
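Before trying the methods in STEP 4 it helps to know how much was encrypted and whether any shadow copy predates the attack. This added example (not part of the original guide) counts .puma files and !readme.txt notes under a folder and lists the shadow copies on the machine. It assumes the scan root in $Root, an elevated prompt for the shadow-copy query, and that a file's last-write time approximates when it was encrypted.

```powershell
# Added example: read-only inventory to run before the recovery methods in STEP 4.
$Root = $env:USERPROFILE    # assumed scan root; change to a drive root such as 'D:\'

# Extension and note name are the ones given in the article.
$encrypted = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -File -Filter '*.puma' -ErrorAction SilentlyContinue)
$notes     = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -File -Filter '!readme.txt' -ErrorAction SilentlyContinue)
'Encrypted files: {0}   Ransom notes: {1}' -f $encrypted.Count, $notes.Count

# Folders with the most locked files show where restoring from backup matters most.
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize

# Assumption: the last-write time of a .puma file approximates when it was encrypted.
$firstHit = $null
if ($encrypted.Count -gt 0) {
    $firstHit = ($encrypted | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
    "Earliest encrypted file written: $firstHit"
}

# Shadow copies (Method 3). The query needs an elevated prompt.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
if ($shadows.Count -eq 0) {
    'No shadow copies found (or the prompt is not elevated).'
} else {
    $shadows | ForEach-Object {
        [pscustomobject]@{
            Created            = $_.InstallDate
            Volume             = $_.VolumeName
            # Only a copy taken before the first encrypted file can hold clean versions.
            PredatesEncryption = ($null -ne $firstHit -and $_.InstallDate -lt $firstHit)
        }
    } | Sort-Object Created | Format-Table -AutoSize
}
```

If no row shows PredatesEncryption as True, Method 3 has nothing useful to restore from and a backup (Method 1) is the remaining option.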
