.PUMA Ransomware File Extension

If you see .puma or .pumas extension attached to almost all of your files, you probably infected your machine with a threat called .PUMA Ransomware File Extension. It is a malicious application that locks user’s data and then shows a note demanding for payment. In exchange, the note may suggest the user will receive decryption tools that could unlock all affected files. Even if you want to get your data back badly, we advise you not to make rash a decision. There is a possibility the malicious application’s developers could scam you. Plus, our researchers report there is a free decryption tool designed by cybersecurity experts that can be downloaded from the Internet. Thus, if you do not want to pay a ransom, we encourage you to remove .PUMA Ransomware File Extension Ransomware with the instructions available below or your chosen antimalware tool.

In most cases, threats like .PUMA Ransomware File Extension Ransomware travel as software installers, various email attachments, updates, and so on. To be more precise, the hackers might disguise the malware’s launcher and distribute it via Spam emails, file-sharing web pages, or other channels alike. Our researchers say that the sample they came across pretended to be a system update. You should never install updates or files that look like them if they come from unofficial sources.

Most programs remind users when they need to be updated and even lead users to legitimate sites containing the updates’ installers themselves. Thus, if you suddenly see a pop-up saying you need to update something right away, you should first find out where it comes from. Also, it would be wise to check if there really is a new update. Lots of tools show their version and provide links to their official sites where you should find information about new versions if they exist, so instead of trusting the pop-up, we would recommend checking the application that supposedly needs the update. Plus, it is always a good idea to scan data coming from unknown sources with a reliable antimalware tool before launching it if you wish to avoid threats like .PUMA Ransomware File Extension.

The malicious application should try to trick the user into believing he is installing a Windows update since it opens a pop-up window claiming it is “installing important updates Windows.” The missing word in the sentence and other mistakes in the text should suggest that something is not right. Besides, the .PUMA Ransomware File Extension pop-up should list update’s steps instead of switching from one to another, which ought to raise suspicion just the same. Nonetheless, the appearance of the pop-up looks somewhat similar to the appearance of legitimate Windows pop-ups, which is why users who pay no attention to what the notification says may not suspect anything.

Unfortunately, by the time the fake update gets installed, .PUMA Ransomware File Extension should finish encrypting targeted victim’s files. Our researchers say the malicious application could focus on various documents, photos, pictures, archives, and so on. After being locked, the files should have a second extension, which as we mentioned earlier might be .puma, .pumas, or something similar. For example, a file called picture.jpg could turn into picture.jpg.puma or picture.jpg.pumas.

The next thing the malicious application should do is drop a text document demanding to pay a ransom. It does not say what the price is but mentions the user will get a 50% discount if he contacts the malware’s developers within 72 hours. The question is how you can know the price will be with the discount when there is no mention of the full price. Finally, the most important question is can you be certain the threat’s developers will deliver decryption tools as they promise. If not, we advise you not to risk your money and erase .PUMA Ransomware File Extension. To get rid of it manually you should follow the steps provided at the end of the article, although keep in mind it might be easier to employ a reliable antimalware tool.

Restart the computer in Safe Mode

Windows 8/Windows 10

1. Tap Win+I for Windows 8 or open Start menu for Windows 10.
2. Press the Power button.
3. Click and hold Shift then click Restart.
4. Pick Troubleshoot and choose Advanced Options.
5. Go to Startup Settings and click Restart.
6. Press F5 and restart the PC.

Windows XP/Windows Vista/Windows 7

1. Navigate to Start, select Shutdown options and pick Restart.
2. Press and hold F8 when the PC starts restarting.
3. Mark Safe Mode with Networking.
4. Select Enter and log on.

Eliminate .PUMA Ransomware File Extension

1. Click Win+E.
2. Find these locations:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
3. Look for the threat’s installer, e.g., updatewin.exe; then right-click it and press Delete.
4. Go to %TEMP% again.
5. Search for a malicious file with a double .tmp.exe extension, e.g., ac06.tmp.exe, right-click it and press Delete.
6. Navigate to %LOCALAPPDATA%
7. Look for folders with long random titles, e.g., 31776287-ef72-6bc2-c780-m8e47e1c207c, right-click them and choose Delete.
8. Then find these paths:
   %USERPROFILE%\Local Settings\Application Data
   %LOCALAPPDATA%
9. Locate files called script.ps1 or similarly, right-click them and press Delete.
10. Exit File Explorer.
11. Press Win+R.
12. Type Regedit and press Enter.
13. Go to this path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
14. Locate a value name called SysHelper, right-click it and press Delete.
15. Exit Registry Editor.
16. Empty Recycle bin.
17. Restart the system.