Home Malware Programs Ransomware '.PUMA File Extension' Ransomware

'.PUMA File Extension' Ransomware

Posted: November 26, 2018

The '.PUMA File Extension' Ransomware is a new version of the STOP Ransomware, a threat that can block your files while changing their names and delivering ransoming messages. Criminals may introduce this threat to a PC by using brute-force attacks for breaking into the network or distributing the installer through e-mail. Appropriately protected backups are the only free method for restoring your locked files, but a majority of anti-malware products will identify and remove the '.PUMA File Extension' Ransomware appropriately.

Trojans Pouncing on Your Media

The STOP Ransomware is a small example of Ransomware-as-a-Service relatively when contrasted with more newsworthy competitors like the Scarab Ransomwar or the Dharma Ransomware update of the Crysis Ransomware. However, its features are more than sufficient for the task of locking files for ransom money, which is continuing with its latest variant of the '.PUMA File Extension' Ransomware. Some additional variations on this threat may include different extensions, such as lower-case 'puma' or 'pumax.'

The '.PUMA File Extension' Ransomware has been in circulation in the wild for at least a week since late November. Malware experts have yet to verify what installation or distribution exploits the '.PUMA File Extension' Ransomware is using, but most RaaS Trojans utilize either spam e-mails or brute-force attacks. Brute-force attacks may 'guess' login credentials and let remote attackers access the network, while spam e-mails are likely of disguising the Trojan's installer as a document, such as an invoice or a fax machine message.

The '.PUMA File Extension' Ransomware has yet to show any signs of using different file-locking features from those of other components of the family, such as the INFOWAIT Ransomware, the KEYPASS Ransomware, the '.CONTACTUS File Extension' Ransomware and the '.WHY File Extension' Ransomware. The AES encryption routine it runs will convert your files to unusable formats until a decryptor re-converts them back to 'normal.' Readers should take note that malware experts are re-confirming that the '.PUMA File Extension' Ransomware's family continues being one of those without a free decryption solution.

Fending Off the Wild Beasts Feasting on Your Files

Although a Russian AV vendor is offering potential premium decryption help to any users who can provide the appropriate file samples, decryption is not guaranteed, even for users with the proper data and money. Windows users should be aware of the risks posed by non-consensual encryptors and always back up their valuable media to other devices. The '.PUMA File Extension' Ransomware may erase the Shadow Volume Copies, disable some security features or compromise other PCs over vulnerable network connections, as well.

Using traditionally-secure logins will prevent most means by which a brute-force attack could succeed in breaching your local network. Users, also, should watch their RDP and firewall settings for unexpected changes or vulnerabilities. PCs equipped with anti-malware tools of most, major brands should remove the '.PUMA File Extension' Ransomware before it succeeds in installing itself by any other method or encoding your files.

The '.PUMA File Extension' Ransomware's threat actors are using a combination of deadlines and 'free sample' offers for convincing their victims into paying ransoms. Although malware experts can't endorse such choices, for anyone without a backup, their only alternative may be submitting to the loss of all their media.

Loading...