BooM Ransomware

Your personal files are more vulnerable than you think, and BooM Ransomware proves it. While your files are always at risk of being accidentally deleted or lost due to technical issues, they can also be corrupted by malware. The ransomware can encrypt them, and that means that it can change data to prevent you from reading it. Once a file is encrypted, a decryptor must be applied; otherwise, it remains unreadable. That means that cyber criminals are in full control here, which is why preventing the threat from slithering in is the most important task. If it has slithered in already, the only thing you can do is remove BooM Ransomware. Unfortunately, that will not revive your files. In this report, we discuss both prevention of malware and methods that help delete it once it’s in. If that is exactly what you are interested in, please continue reading.

According to our analysts, BooM Ransomware should drop its files in the %TEMP% directory; however, the launcher of this malware might exist anywhere. That depends on how this malware slithers into your operating system. If you downloaded it yourself (e.g., from a spam email message), you might find it right away. The manual removal guide below lists a few obvious locations where this file might be, but it could also be someplace else. If you do not delete BooM Ransomware right away, it can encrypt files, and it is very aggressive because it can encrypt everything on the disk. All of your media files, photos, and documents are at risk. If a file is encrypted, the “.Boom” extension is added to its original name. The extension does not really serve a reason other than that of a marker, so there is no point in deleting it. Your files will not be restored if you do it. You also can delete the file named “readme_back_files.htm,” which is created by the infection after encryption. You can also open it because it is not a malicious file. That being said, the message in the file must be read with caution.

The message represented by BooM Ransomware is very strange. It basically asks to contact Mohamed Naser Ahmed via Facebook (facebook.com/medoo.hema.92) to obtain a password. There is no other information or explanation, and so the victim is likely to follow the instruction. What would happen if you contacted the attacker behind the infection? Most likely, they would ask you to pay money for a password or a file decryption tool. Whatever you do, do not give your money, open sent files and links, or reveal your own identity. If you message the attacker from your own Facebook account, they could terrorize you for years to come, and you do not want that, do you? So, if you are going to message them, create a fake account. Better yet, do not contact them at all because following any of their instructions could put you at even greater risk, and you are unlikely to get your files back regardless of what you do anyway. Whatever happens, it is most important that you remove BooM Ransomware.

You have two main options when it comes to the elimination of BooM Ransomware. You can try to find and delete the infection’s components manually. Alternatively, you can leave the job to anti-malware software. If you go with the first option, you might be learning a thing or two; however, if you install anti-malware software, you are guaranteed successful malware removal (that is if you choose reliable software), as well as full-time protection. Even if you delete BooM Ransomware manually, we strongly suggest installing anti-malware software without further hesitation because protection is most important when discussing defense against ransomware or any other kind of malware.

Of course, you need to be cautious too. If you keep downloading random programs, visiting suspicious websites, streaming videos illegally, opening strange spam email attachments, or clicking links left and right, you are bound to attract malware sooner or later. However, if you are cautious, you back up your files to secure them in case anything happens, and you also protect your system using anti-malware software, your chances of evading threats are much better!

BooM Ransomware Removal

1. Launch Windows Explorer by tapping, at the same time, keys Win+E.
2. Type %TEMP% into the field at the top and then tap Enter.
3. Delete the malicious [random name].exe file and a file named Tempsvchost.exe.
4. Enter %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ into the Explorer.
5. Delete the file named HOW TO DECRYPT FILES.txt.
6. Check these directories for malicious files and Delete them:
   • %USERPROFILE%\Desktop
   • %USERPROFILE%\Downloads
   • %TEMP%
7. Exit Explorer and then tap Win+R to launch RUN.
8. Enter regedit.exe into the box and click OK to open Registry Editor.
9. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
10. Delete the value named Alcmeter (linked to the [random name].exe in step 3).
11. Empty Recycle Bin.
12. Install a malware scanner and scan your system to check for remaining malware.