Remove PLU ransomware

PLU ransomware is a malicious malware infection that encrypts files. The infection uses complex encryption algorithms to encrypt files and makes them unopenable unless a decryptor is first used. This ransomware can be identified by the extension that ends in .plu that gets added to all encrypted files. The malicious actors operating this ransomware demand a payment for the decryptor, though the exact sum is not mentioned in the ransom note. Whatever the requested sum may be, paying is not recommended as it will not necessarily result in file recovery. At the moment, only users who have backups can recover files for free.

 

 

PLU ransomware is a rather generic ransomware infection with no features that would make it stand out from the majority of other ransomware. When the ransomware is initiated, it immediately begins encrypting files. Encrypted files will be immediately identifiable because they’ll have an extension added to them. This ransomware changes file names and adds .plu. For example, a text.txt file would become *random string of characters*.plu. As you’ve likely already noticed, the ransomware targets all personal files, including documents, images, photos, videos, etc., essentially all files that users hold most valuable.

Once the ransomware is done with file encryption, it drops an IMPORTANT.txt ransom note that contains very brief instructions on how to recover files. All the note mentions is that victims need to write an email to pluransom@tutamail.com with their unique ID that’s included in the note. The decryptor’s price is not mentioned and will supposedly be negotiated when victims contact the ransomware operators.

Here is the full IMPORTANT.txt ransom note:

===============================
OOPS, ALL YOUR IMPORTANT FILES ARE ENCRYPTED BY THE RANSOMWARE PLU
WITH A MILITARY-GRADE ENCRYPTION METHOD.
===============================
But don’t worry, all your files will be decrypted if you make the next steps.

1. Write a email to pluransom@tutamail.com with wour unique id ********
2. We will negociate the money needed for the ransomware decryption software.
===============================

It’s generally never recommended to pay the ransom or engage with malicious actors in any way, for that matter. The people behind ransomware infections are cybercriminals, and nothing is forcing them to send a decryptor after they receive a payment. There are also no guarantees that a decryptor will work even if it’s sent to you. While cybercriminals may claim otherwise, they do not operate like a legitimate business. Many ransomware victims in the past have paid ransoms only to receive nothing in return. Whether you pay or not is your decision, but you do need to be aware of the risks.

If you have a habit of regularly backing up your files, you should be able to recover files fairly easily. However, before you connect to your backup, you have to first remove PLU ransomware from your computer. Using an anti-malware program to delete PLU ransomware is necessary, as ransomware is a complex infection that requires a professional program. If you try to remove PLU ransomware manually, you may end up causing additional damage to your device.

If you do not have a backup and are not planning on paying the ransom, your only option is to back up the encrypted files and wait for a free PLU ransomware decryptor to be released. There are no guarantees that such a decryptor will be released, but if it does become available, you will be able to find it on NoMoreRansom.

How does ransomware infect computers?

If you want to avoid ransomware infections in the future, having a reliable anti-malware program and good browsing habits is a good way to start. Users who open unsolicited email attachments, use torrents to download copyrighted content, click on unknown links, etc., are considerably more likely to pick up a malware infection. Thus, developing better online habits is a good way to avoid malware infections.

Because malware is often distributed using emails, it’s important to be able to recognize when an email is malicious. Cybercriminals often disguise these malicious emails as parcel delivery notifications, order confirmations, etc., in order to attract users’ attention. They also use known company names so users recognize them. By claiming that important documents are in the attached files, malicious actors pressure users into opening them. Once the files are opened, users’ computers get infected.

In many instances, these malicious emails are identifiable fairly easily. They’re full of grammar/spelling mistakes, are sent from random-looking email addresses, address recipients using generic words like Customer, User, Member, etc., and generally look very unprofessional. More sophisticated malspam campaigns are difficult to recognize but they’re usually reserved for specific targets. Nonetheless, it’s recommended to always scan all unsolicited email attachments with an anti-malware program or VirusTotal before opening them.

Torrents are another way malware is spread. It’s often found in torrents for popular entertainment content, such as movies, TV series, video games, etc. Keep in mind that by downloading copyrighted content for free from unauthorized sources, you’re not only stealing content but may also be putting your computer and data in danger.

How to remove PLU ransomware

To remove PLU ransomware fully and safely, you must use an anti-malware program. Otherwise, you could cause additional damage to your device, especially if you don’t know what you’re doing. Once the ransomware has been dealt with, you can connect to your backup and start recovering your files.