How to Remove Pumas Virus File Ransomware (+File Recovery)

How to Remove Pumas Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

==================================================!ATTENTION PLEASE!==================================================

Your databases, files, photos, documents, databases and other important files are encrypted and have the extension: .pumas
The only method of recovering files is to purchase an decrypt software and unique private key.
After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.
Only we can give you this key and only we can recover your files.
You need to contact us by e-mail pumarestore@india.com send us your personal ID and wait for further instructions.
For you to be sure, that we can decrypt your files – you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.
Discount 50% available if you contact us first 72 hours.

====================================================================================================

E-mail address to contact us:
pumarestore@india.com

Reserve e-mail address to contact us:
BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch

Your personal id:
0082h9uE76AxDjXNxBHGyUH4cnmWz8r5WOrN4VGu9eJ

 


Pumas is the name of a hazardous ransomware threat. Users call it that because of the extension it leaves on their files. After the ransomware settles in, it proceeds to encrypt your files. To complete the process, it appends an extension to the end of each file name. In this case, it’s the ‘pumas’ extension. So, if you have a photo called ‘monday.jpg,’ it turns into ‘monday.jpg.pumas.’ Once the infection makes its way into your system, it doesn’t take long before it acts up. The tool uses both AES and RSA 1024-bit encryption algorithms to lock your data. And, by attaching the extension, it solidifies its grip over your files. Once that happens, you can no longer access your files. And it targets all of them: documents, images, archives, music, videos. Everything falls under its control.

It’s a classic extortion scheme. The infection seizes control of your data, then demands a ransom for its release. After it finishes the encryption, it leaves you a ransom note. You can find it on your Desktop, as well as in each folder that contains locked files. It’s named “!readme.txt,” and explains your predicament. If you wish to decrypt your data, you need a unique decryption key. To get it, you have to pay up. The ransom must be paid in Bitcoin, and the price ranges from 500 to 1000 US Dollars. What’s more, the cyber extortionists offer a 50% discount, “if you contact us first 72 hours.”

Do NOT pay these people! Don’t send them a single dime. Don’t contact them. Don’t reach out. In your current predicament, the best course of action is to forsake your files. Understand that whatever you attempt will result in failure. Payment doesn’t guarantee the release of your files. The sooner you accept that as fact, the better. You cannot win against ransomware. Don’t waste your time or money. Do yourself a favor, and say goodbye to your data. Any other alternative leads to much worse consequences.

How did I get infected?

The Pumas threat slithered its way in undetected. How do you imagine it managed that? Well, it slipped by you via trickery. The infection resorts to the old but gold invasive methods. It hides behind freeware, or corrupted sites, links, or torrents. It uses fake system or program updates to conceal itself. And, of course, it turns to spam emails. You seemingly receive an email from a well-known reputable company, like Amazon or DHL. It contains a link or an attachment that you get urged into clicking and downloading. And, if you do, you end up with an infection. The Pumas ransomware slithers into your PC because of your carelessness. If you give in to naivety and rush, you risk installing ransomware by accident. Don’t rush! Don’t skip doing due diligence. Always take the time to be vigilant, and don’t leave your fate to chance. Even a little extra attention can save you a ton of trouble. So, always choose caution over carelessness.


Why is Pumas dangerous?

The Pumas infection is quite dreadful. It infiltrates your system, then corrupts your data, and takes control of it. And, it proceeds to extort you. The ransomware promises to send you the decryption key you need to free your files. That is, after you transfer the requested amount. But, here’s the thing. You have ZERO guarantees that it will. After all, you’re dealing with cyber criminals. Can you truly trust them to keep their word? The answer is ‘no.’ You can’t. These are cyber extortionists, who keep your data hostage. Don’t rely on them to keep their promises. Even if you comply, they can double-cross you. And, likely, will.

If you choose to pay the ransom, what happens next? You send the money, and await the decryption key that was promised. What if they don’t send one? Or, send a key, but it’s not the right one? You lose money, and your data remains locked. But, even in the best-case scenario, it’s still not good. Even if you pay, receive the key, and unlock your files, what then? You didn’t remove the ransomware itself, only the encryption. So, the infection remains, free to strike once more. It can act up a day, an hour, or a mere second after you decrypt your data. And, you’re back to square one. Don’t take that route. Don’t waste your money! Cut your losses, and forsake your files. It’s a tough call to make, but it’s the right one. Create backups on external sources, and use cloud services. That’s the best way to protect your files from the clutches of ransomware threats.

Pumas Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Pumas Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that this is usually a randomly generated file name.
  • Before you kill the process, type its name in a text document for later reference.


  • Locate any suspicious processes associated with Pumas encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Keep in mind that the process can be hidden and very difficult to detect.

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Pumas encryption Virus startup location

  • Once the operating system loads, press the Windows Logo key and the R key simultaneously.


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • Delete the entry with the display name: [RANDOM]


  • Then open Explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig program to double-check the execution point of the virus. Keep in mind that the names on your machine might be different, as they might be generated randomly. That’s why you should run a professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.


  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Because of this, you can try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
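Before choosing a recovery method, it helps to know which folders were hit and whether any shadow copy is older than the encryption. The following read-only PowerShell sketch is an added example, not part of the original guide; the starting folder and the use of each file's last-write time as the encryption time are assumptions. Listing shadow copies requires an elevated prompt.

```powershell
# Read-only scoping for STEP 4. Nothing is modified or restored.
$root      = $env:USERPROFILE   # assumption: start with the user profile
$extension = '.pumas'           # extension named in this guide
$noteName  = '!readme.txt'      # ransom note name given in this guide

$files = Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue
$encrypted = @($files | Where-Object { $_.Extension -eq $extension })
$noteDirs  = @($files | Where-Object { $_.Name -eq $noteName } |
    Select-Object -ExpandProperty DirectoryName)

# Per-folder summary: how many locked files, and whether the note sits beside them.
$byFolder = $encrypted | Group-Object DirectoryName | ForEach-Object {
    [pscustomobject]@{
        Folder         = $_.Name
        EncryptedFiles = $_.Count
        NotePresent    = ($noteDirs -contains $_.Name)
    }
} | Sort-Object EncryptedFiles -Descending

# Assumption: the earliest last-write time among locked files approximates
# when encryption started.
$firstHit = ($encrypted | Sort-Object LastWriteTime |
    Select-Object -First 1).LastWriteTime

# Shadow copies (Method 3) are only useful if they predate the encryption.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
    Select-Object ID, VolumeName, InstallDate,
        @{ n = 'PredatesEncryption'
           e = { [bool]($firstHit -and $_.InstallDate -lt $firstHit) } }

"Encrypted files found: $($encrypted.Count); first seen: $firstHit"
$byFolder | Format-Table -AutoSize -Wrap
if ($shadows) {
    $shadows | Sort-Object InstallDate | Format-Table -AutoSize
} else {
    'No shadow copies listed (none exist, or the prompt is not elevated).'
}
```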
