Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

BBOO Ransomware

BBOO Ransomware is one nasty infection that no Windows user wants to face. This dangerous infection was designed to encrypt files, and it does that successfully if it gets the chance to slither in. Sadly, it does not take much for this malware to invade operating systems that are unguarded and whose owners are careless. According to our researchers, in most cases, RDP vulnerabilities and spam emails are used to spread this malware. When it comes to vulnerabilities, Windows users are responsible for downloading the latest patches to ensure security. As for spam emails, it is also the responsibility of users to recognize misleading messages sent to scam them. If the targeted system is not guarded appropriately, nothing can stop the infection from encrypting files successfully. Do you think you can detect and remove BBOO Ransomware before it corrupts files? Sadly, that is unlikely to be the case, and you are more likely to discover that you need to delete the malware only after all of your files are encrypted.

Although BBOO Ransomware is a terrible infection, it is not the worst one of its kind. That is due to the fact that it derives from the STOP Ransomware family. This family is known for Reha Ransomware, Nbes Ransomware, Hets Ransomware, and hundreds of other infections, and since there are so many of them, malware experts have paid extra attention to it. This is why a free decryptor was created. Can you use it to decrypt the files corrupted by BBOO Ransomware? We cannot be 100% sure about that, but if you want to restore files, using the free STOP Decryptor might be your only option. Of course, you do not need to trouble yourself with finding and using the tool if you have backups. Backups can be stored online or on external drives (note that it is best to keep them outside the computer), and they can be used to replace files that are lost, deleted by accident, or – as in this case – encrypted by malware. If you have backups, we suggest removing the infection immediately. Afterward, replace the encrypted files.

Unfortunately, it is possible that some victims of BBOO Ransomware will not have backups, or that they will not be able to use a free decryptor. Perhaps they will not even know that such a tool exists. These are the victims that the attackers behind the infection are after. Once files are fully encrypted, a file named “_readme.txt” is dropped, and the message inside is meant to convince victims that files can be restored only if a private key and a special decryption tool are obtained. The price for the key and the tool is $490, and to learn more about the payment, the victim is meant to email helpdatarestore@firemail.cc and/or helpmanager@mail.ch. If you have no other option, you might consider paying the ransom, but we do not recommend doing that. Your files were encrypted by cybercriminals, and they did that so that they could make money. Although they care about making money, they do NOT care about decrypting your files. Therefore, even if you communicate with the attackers and pay the ransom in full, the files with the “.bboo” extension attached to them are likely to remain encrypted.

We have prepared a manual removal guide that, hopefully, will help you delete BBOO Ransomware. The biggest issue is that we cannot point you to the launcher of the infection because it could be pretty much anywhere. Can you identify this file? If you can, deleting it and the remaining components should not take long. Even so, you need to think about Windows protection because, clearly, there are security holes through which malware can jump in. Therefore, whether or not you can remove BBOO Ransomware manually, we advise installing anti-malware software. Choose software you can trust because once it is installed, you will not need to worry about the removal of existing threats or the protection against the threats that you might encounter in the future. Also, do not forget to create backups of all personal files in the future. Even though it might be a hassle, it is important to be prepared for the malware that could try to hijack, delete, or corrupt your files in the future.

BBOO Ransomware Removal

  1. Delete the ransom note file named _readme.txt.
  2. Find and delete the {unique name}.exe file that executed the infection.
  3. Tap Win+R keys to open the Run dialog box.
  4. Type regedit into the box and then click OK to launch Registry Editor.
  5. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  6. Delete the value named SysHelper (take note of the file name in the value data).
  7. Exit Registry Editor and then tap Win+E keys to open the File Explorer.
  8. Enter %WINDIR%\System32\Tasks\ into the field at the top.
  9. Delete the task that is named Time Trigger Task.
  10. Enter %LOCALAPPDATA% (on Windows XP, %USERPROFILE%\Local Settings\Application Data\) into the field at the top.
  11. Delete these components:
    • script.ps1
    • a folder with a random name that contains a malicious {unique name}.exe file
    • a second folder with a random name that contains updatewin.exe and updatewin2.exe files
  12. Exit File Explorer and then Empty Recycle Bin.
  13. Install a malware scanner you know you can trust to examine your system for leftovers.
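
The locations named in steps 1 and 5 through 11 can be checked in one pass before anything is deleted. The script below is an added example, not part of the original guide; it only reads and reports, and limiting the ransom-note and .bboo search to %USERPROFILE% is an assumption made here to keep the scan short.

```powershell
# Read-only check for the artifacts named in the removal steps above.
# Nothing is deleted; findings are collected and printed for review.
$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Step, [string]$Artifact, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Step = $Step; Artifact = $Artifact; Detail = $Detail })
}

# Steps 5-6: Run key value named SysHelper; its data names the launcher file (step 2).
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties.Name -contains 'SysHelper') {
    Add-Finding '5-6' 'Run value SysHelper' $run.SysHelper
}

# Steps 8-9: scheduled task file named "Time Trigger Task".
$taskFile = Join-Path $env:WINDIR 'System32\Tasks\Time Trigger Task'
if (Test-Path -LiteralPath $taskFile) {
    Add-Finding '8-9' 'Scheduled task' $taskFile
}

# Steps 10-11: script.ps1 directly under %LOCALAPPDATA%.
$scriptPath = Join-Path $env:LOCALAPPDATA 'script.ps1'
if (Test-Path -LiteralPath $scriptPath) {
    Add-Finding '11' 'script.ps1' $scriptPath
}

# Step 11: randomly named folders are identified by the files they contain.
Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hits = Get-ChildItem -LiteralPath $_.FullName -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -in 'updatewin.exe', 'updatewin2.exe' }
        foreach ($hit in $hits) { Add-Finding '11' 'updatewin folder' $hit.FullName }
    }

# Step 1: ransom notes under the user profile (scope is an assumption, see lead-in).
Get-ChildItem -LiteralPath $env:USERPROFILE -Filter '_readme.txt' -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding '1' 'Ransom note' $_.FullName }

# Encrypted files carry the ".bboo" extension; report a count, not every path.
$encrypted = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Filter '*.bboo' -File -Recurse -Force -ErrorAction SilentlyContinue)
if ($encrypted.Count -gt 0) { Add-Finding '-' '.bboo files' "$($encrypted.Count) file(s)" }

$findings | Format-Table -AutoSize -Wrap
```

The SysHelper value data is the most useful line in the output, since it gives the path of the {unique name}.exe launcher that step 2 asks you to find.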