BooM Ransomware

What is BooM Ransomware?

BooM Ransomware is a malicious program created by a hacker who calls himself Mohamed Naser Ahmed. It encrypts the user’s files, marks them with the .Boom extension, and then displays a message saying the only way to decrypt the data is to obtain a unique password. Apparently, to get the passcode, victims have to contact the malware’s developer. Usually, hackers give an email address, but in this case the threat’s creator wants to be contacted through Facebook, a popular social media platform. There are a couple of reasons why we believe this could be a bad idea, and if you want to learn them, you should continue reading our report. What’s more, below the article we provide deletion instructions that explain how to remove BooM Ransomware manually. If you have any questions, you can leave a comment at the end of this page.

Where does BooM Ransomware come from?

BooM Ransomware might travel with spam emails, fake updates, malicious software setup files, and so on. Therefore, if you encounter it, you should try to remember the last file you downloaded and opened before the malware encrypted your data. Naturally, to avoid such threats in the future, it is essential to learn from your mistakes. If a malicious email attachment caused this, we recommend not opening files that arrive with spam, come from unknown senders, or raise suspicion. Next, it would be wise to stay away from questionable file-sharing web pages, e.g., torrent sites. Plus, you could acquire a legitimate antimalware tool and use it to check suspicious files before opening them.

How does BooM Ransomware work?

At first, you may not even notice the system got infected with BooM Ransomware, as it should silently encrypt all of your files. During the process, each affected file should gain a second extension, e.g., flowers.jpg.Boom. Afterward, the malicious program ought to reveal its presence by displaying a warning window saying you can decrypt your files if you enter the correct password. Also, the malware should open a ransom note claiming the user has to contact the threat’s developer to get the passcode. It does not say whether the victim would have to pay anything, but given that such infections are created for money extortion, we are almost one hundred percent sure the hackers would demand it. Unfortunately, everything might go wrong if it turns out the hackers do not have the promised password or are not willing to send it to you. Once the money is transferred, the user will most likely be unable to get it back, which means that if BooM Ransomware’s creators turn out to be scammers, the money could be lost and the files would remain locked.

How to erase BooM Ransomware?

To get rid of BooM Ransomware manually, users should remove all data it creates upon entering the system. There should be quite a few files, which is why our researchers at Anti-spyware-101.com have prepared a step-by-step deletion guide you can find a bit below this text. If the task still looks too complicated, you could install a legitimate antimalware tool, do a system scan, and click the given removal button.

Eliminate BooM Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Pick Task Manager and select Processes.
  3. Locate a process belonging to the threat.
  4. Select it and click End Task.
  5. Exit Task Manager.
  6. Press Windows key+E.
  7. Locate these paths:
    %TEMP%
    %USERPROFILE%\Downloads
    %USERPROFILE%\Desktop
  8. Locate the malicious application’s launcher.
  9. Right-click it and select Delete.
  10. Navigate to %TEMP% again.
  11. Find two malicious executable files that could be named 12a4U0hLW87Q15X.exe and Tempsvchost.exe, or similarly; right-click them and select Delete.
  12. Locate this folder: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
  13. Search for a text file named HOW TO DECRYPT FILES.txt, right-click it and select Delete.
  14. Exit File Explorer.
  15. Press Windows key+R.
  16. Type Regedit and press Enter.
  17. Locate the given directory: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  18. Identify a value name created by the threat, e.g., Alcmeter.
  19. Right-click this value name and press Delete.
  20. Exit Registry Editor.
  21. Empty your Recycle Bin.
  22. Restart the computer.
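
The locations in the steps above can be checked in one pass with a read-only PowerShell script before anything is deleted. This is an added example, not part of the original guide: the file, note and value names come from the steps, while using the current user's Startup folder and treating a process whose executable sits in one of the step 7 folders as suspect are assumptions.

```powershell
# Read-only audit of the artifacts named in the removal steps; deletes nothing.
# The guide gives these names as examples ("or similarly", "e.g."), so an empty
# result does not prove the system is clean.
$found = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding($Step, $Kind, $Item) {
    $found.Add([pscustomobject]@{ Step = $Step; Kind = $Kind; Item = $Item })
}

$temp = $env:TEMP
$dirs = $temp, "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop"

# Step 3: running processes whose executable sits in one of the step 7 folders
# (assumption: a heuristic for "a process belonging to the threat").
Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $p = $_
    if ($dirs | Where-Object { $p.Path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }) {
        Add-Finding 3 'Process' ("{0} (PID {1}) {2}" -f $p.Name, $p.Id, $p.Path)
    }
}

# Steps 7-8: executables in the three folders, newest first, for manual review.
foreach ($d in $dirs) {
    Get-ChildItem -LiteralPath $d -Filter *.exe -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        ForEach-Object { Add-Finding 8 'Executable' ("{0:u}  {1}" -f $_.LastWriteTime, $_.FullName) }
}

# Step 11: the two file names the guide gives for %TEMP%.
foreach ($n in '12a4U0hLW87Q15X.exe', 'Tempsvchost.exe') {
    $path = Join-Path $temp $n
    if (Test-Path -LiteralPath $path) { Add-Finding 11 'Named file' $path }
}

# Steps 12-13: ransom note in the Startup folder (assumption: the current
# user's folder, where the guide shows the one for a user called "admin").
$note = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt'
if (Test-Path -LiteralPath $note) { Add-Finding 13 'Ransom note' $note }

# Steps 17-18: every value under the Run key; "Alcmeter" is the guide's example.
$key = Get-Item -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($key) {
    foreach ($v in $key.GetValueNames()) {
        $kind = if ($v -eq 'Alcmeter') { 'Run value (named in guide)' } else { 'Run value' }
        Add-Finding 18 $kind ("{0} = {1}" -f $v, $key.GetValue($v))
    }
}

$found | Sort-Object Step | Format-Table -AutoSize -Wrap
```

The Step column maps each finding back to the numbered step it belongs to; entries of kind Executable and Run value are listed for review and are not necessarily malicious.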

Stop these BooM Ransomware Processes:

c478913dd84ce396f66cefa88e23588100aab951ff1b01aac9ea72fac12611b1.exe