BBOO Ransomware

What is BBOO Ransomware?

Did BBOO Ransomware encrypt your personal files and attach the “.bboo” extension to their names? If that is what has happened, you are in a very sticky situation. Your files are unreadable, and decrypting them manually is not an option. Besides handling your personal files, you also have to worry about your virtual security, because at least one infection (the ransomware itself) has already managed to compromise it. Unfortunately, even if you delete BBOO Ransomware immediately, your files will remain encrypted. This time we come with both good and bad news, which does not happen often when it comes to ransomware. In most cases, ransomware infections are undecryptable, and their victims end up losing all personal files, including childhood photos, wedding videos, work documents, and so on. It appears that this time the infection is decryptable. Do you want to learn about this and the removal of the ransomware? Continue reading.

How does BBOO Ransomware work?

It is likely that BBOO Ransomware slithered into your operating system because you opened a corrupted spam email attachment and enabled macros, which allowed the threat to execute. Alternatively, you could have left RDP vulnerabilities unpatched, and cybercriminals found a way to exploit them for malware distribution. The infection is meant to invade your operating system silently, and once it does that, it encrypts your files instantly. That is exactly how Reha Ransomware, Nbes Ransomware, Hets Ransomware, Kodc Ransomware, and hundreds of other infections work as well. They all belong to the STOP Ransomware family, just like BBOO Ransomware itself. The bad news is that cybercriminals are unlikely to stop exploiting the widely used malware code to build new infections any time soon. The good news is that a free decryptor (STOP Decryptor) was created and can be downloaded by anyone. While it does not guarantee complete decryption, and some victims might be unable to restore files using this tool at all, the fact that such a tool exists gives hope to those who are most desperate.

Hopefully, you do not need to rely on a free decryptor because you already have backups stored outside the infected computer. But what if you cannot use the decryptor, and you do not have copies of your personal files stored in backup? If that is the situation you are in, you might consider following the instructions presented by the creator of BBOO Ransomware. A file named “_readme.txt” is created by the threat after your personal files are encrypted, and it is meant to instruct you to email the attackers (at helpdatarestore@firemail.cc or helpmanager@mail.ch) and then pay a ransom of $490 in return for a decryptor and a private key. Hopefully, you do not need an explanation as to why communicating with cybercriminals is dangerous, and you already know that you are unlikely to receive a decryptor if you pay a ransom. Cybercriminals are all about deception and false promises, and so you should not expect them to keep their end of the deal even if you keep yours.

How to delete BBOO Ransomware

Without a doubt, you need to remove BBOO Ransomware, and you need to do it now. Manual removal is an option, and you might be able to successfully get rid of the infection, but only if you can locate the launcher file. We cannot know where it is, but you should check the Downloads folder or the %TEMP% directory first. Even if you are able to delete BBOO Ransomware yourself, we recommend installing trusted anti-malware software anyway. Why? First of all, this software will automatically erase everything that is malicious, and so you will not need to worry about any leftovers. Second, it will secure your system, which is crucial if you have no desire to face new infections in the future. Hopefully, once your system is cleaned and secured, you can use a free decryptor to restore files, or use backups to replace them with healthy copies. If you remain lost and confused, do not hesitate to leave your questions in the comments area below. Our Anti-Spyware-101.com researchers will try to get back to you as soon as possible.

Removal Guide

  1. Find the {unknown}.exe file that executed the infection and Delete it.
  2. Find the ransom note file named _readme.txt and Delete it.
  3. Simultaneously tap Win+E keys to open the File Explorer window.
  4. Enter %WINDIR%\System32\Tasks\ into the quick access field.
  5. Delete the ransomware task named Time Trigger Task.
  6. Enter %LOCALAPPDATA% into the quick access field. If you are still using Windows XP, enter %USERPROFILE%\Local Settings\Application Data\ instead.
  7. Delete two folders with random names. One of them should contain an .exe file with a random name, and the other one should contain updatewin.exe and updatewin2.exe files.
  8. Also, Delete a ransomware file named script.ps1.
  9. Simultaneously tap Win+R keys to open Run and enter regedit into the dialog box.
  10. In Registry Editor, go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  11. Delete the ransomware-related value named SysHelper.
  12. Empty Recycle Bin and then scan your system for leftovers using a trustworthy malware scanner.
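
Before deleting anything by hand, it helps to see which of the artifacts listed in the guide are actually present. The PowerShell script below is an added example, not part of the original guide: it only reads and reports, and it assumes script.ps1 sits in %LOCALAPPDATA% itself or in one of its immediate subfolders, since the guide does not say exactly where.

```powershell
# Added example: read-only audit of the artifacts named in the removal guide.
# Nothing is deleted; every hit is reported for manual review.
function Find-NamedFile {
    param([string]$Root, [string[]]$Names, [string]$Step)
    # Look in $Root itself and in its immediate subfolders only (assumption).
    $dirs = @($Root) + @(Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName)
    foreach ($dir in $dirs) {
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $Names -contains $_.Name } |
            ForEach-Object { [pscustomobject]@{ Step = $Step; Artifact = $_.Name; Location = $_.FullName } }
    }
}

$findings = @()

# Step 5: task file "Time Trigger Task" under %WINDIR%\System32\Tasks
$task = Join-Path $env:WINDIR 'System32\Tasks\Time Trigger Task'
if (Test-Path -LiteralPath $task) {
    $findings += [pscustomobject]@{ Step = '5'; Artifact = 'Time Trigger Task'; Location = $task }
}

# Steps 7-8: updatewin.exe, updatewin2.exe and script.ps1 under %LOCALAPPDATA%
$findings += @(Find-NamedFile -Root $env:LOCALAPPDATA -Names 'updatewin.exe','updatewin2.exe','script.ps1' -Step '7-8')

# Step 11: SysHelper value in the current user's Run key
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'SysHelper' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Step = '11'; Artifact = 'SysHelper'; Location = "$runKey -> $($run.SysHelper)" }
}

# Step 1: the launcher name is unknown, so list .exe files in Downloads and %TEMP% for review
foreach ($dir in @((Join-Path $env:USERPROFILE 'Downloads'), $env:TEMP)) {
    Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += [pscustomobject]@{ Step = '1 (review)'; Artifact = $_.Name; Location = $_.FullName } }
}

if ($findings.Count -eq 0) { 'No artifacts from the removal guide were found.' }
else { $findings | Sort-Object Step | Format-Table -AutoSize -Wrap }
```

Run it as the affected user, because the Run key and %LOCALAPPDATA% are per-user; the Tasks folder may only be readable from an elevated session. The .exe files listed for step 1 are candidates to review, not confirmed malware.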
