Severity scale: 98/100

Remove BBOO ransomware (Virus Removal Instructions) - Decryption Methods Included

by Lucia Danes | Type: Ransomware

BBOO ransomware – the 205th variant of Djvu/STOP ransomware that is currently undecryptable

BBOO ransomware is a dangerous cyber threat that can infiltrate computer systems through email spam, software cracks, hacked RDP, and OS flaws

BBOO ransomware, discovered by Michael Gillespie,[1] is a recent computer virus that has appeared from the Djvu ransomware family and employs the AES-256 cryptography algorithm for locking up all files discovered. When the malware scans the system for encryptable components and locks up all of them, the .bboo extension is attached to each filename. This is a sign that the data has been locked and reversing it will require another specific key.

Later on, BBOO ransomware drops a ransom note named _readme.txt, a plain text file that opens in Notepad and states the monetary demands in exchange for the decryption tool. Criminals ask for a starter price of $490 that needs to be transferred in Bitcoin cryptocurrency within 3 days.

However, if the victims do not manage to fit in this time limit, the ransom amount doubles to $980. Also, these people provide the helpmanager@firemail.cc and helpmanager@iran.ir email addresses for making contact. Keep in mind that the deadline is just a way to convince you to pay the price faster, and you should consider not paying at all due to the risk of getting scammed.

According to VirusTotal information,[2] the malicious payload of BBOO ransomware has been detected by 50 different antivirus engines out of the total 72. Some of the detection names include Gen:Variant.Mikey.109427, Win32:CrypterX-gen [Trj], A Variant Of Win32/Kryptik.HAYC, Trojan-Ransom.Win32.Stop.kb, Trojan.MalPack.GS, Mal/Generic-S, and others.

Name: BBOO ransomware
Type: Ransomware virus/malware
Discoverer: Michael Gillespie
Encryption: Almost all files and documents are locked with the help of the AES-256 encryption cipher. After the encryption, the .bboo extension is added to each filename
Ransom note: The ransomware virus provides ransom demands and payment information via the _readme.txt message that is very similar for every Djvu ransomware version
Ransom price: Criminals demand a $490 payment if the victim decides to pay within 3 days. However, if the user is late, the ransom price doubles to $980
Crooks' contacts: Crooks provide the helpmanager@firemail.cc and helpmanager@iran.ir email addresses for making contact and sending 1 simple file for free decryption if the victims want evidence of the decryption tool's existence
Delivery: The ransomware payload can be distributed to the targeted Windows computer in a variety of ways, including cracked software, hacked RDP, operating system flaws, and email spam
Elimination: If you have been dealing with this ransomware lately, you have to get rid of it from the Windows device with the help of reliable antimalware software
Fix tip: If you have discovered any damage that was made by the ransomware virus, you can try fixing things with Reimage or Reimage Cleaner

Djvu ransomware has been releasing new versions rapidly and .bboo files virus is another one that has shown up at the start of February this year. The malware uses secret delivery techniques such as attacking the targeted computer system via email spam campaigns that pretend to be fake order delivery notifications from reliable companies such as FedEx, DHL, and others. Also, criminals often misuse the vulnerable configuration of RDPs and manage to enter the system remotely.

We have come to the conclusion that BBOO ransomware mostly targets English-speaking users as the ransom note and all its instructions are written in the English language. This way criminals can target a wide range of people as English is the most popular language in the world. However, some other ransomware viruses operate by distributing the same ransom note in different languages depending on where the infected Windows computer system is located.

Once BBOO ransomware plants its malicious payload on the computer system, it starts altering the Windows Registry and Task Manager by adding malicious keys and processes to these directories. This way the malware assures that it is always launched during every computer boot process. Also, some executables allow the ransomware virus to repeatedly scan the system for encryptable files and documents to make sure that there are no components left unlocked.

You can recognize the BBOO virus from the .bboo extension that it appends to all of the locked components. For example, if you held a file named report.docx, after the encryption, it would turn into report.docx.bboo. After that, the ransom note appears on your desktop and might also be placed in every folder that has encrypted documents. Here is the full text of the ransom note so that you can recognize it:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-Oc0xgfzC7q
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
helpmanager@firemail.cc

Reserve e-mail address to contact us:
helpmanager@iran.ir

Your personal ID:

It is also known that BBOO ransomware seeks to speed up the encryption process by locking up only the first 154kb of the affected file. Furthermore, the malware can lock up any types of documents that are stored not only on the system but also the data that is getting transferred through a remote drive. However, it is known that this ransomware virus does not touch any files and documents that are marked as .dll, .lnk, .ini, .bat, and .sys.

In addition, BBOO ransomware skips various system-related folders such as %AppData%, %Windows%, %Program Files% so that the user would still be able to use the infected Windows computer system for activities such as making the demanded ransom payment, writing the cybercriminals, and so on. These people even offer to recover one simple file (that does not include any important information) for free in order to provide proof of the decryption tool's existence.

BBOO ransomware might also aim to disable the antivirus software that is lurking on your computer system to prevent detection. So, if the malware is blocking your antimalware program, you might not receive any alerts from it when the infection process starts and proceeds. However, this type of feature will make the BBOO ransomware removal process difficult unless you diminish the malicious changes by booting your PC in Safe Mode with Networking.

Furthermore, BBOO ransomware might target your Shadow Volume Copies[3] and damage or erase them permanently via PowerShell commands. This type of process prevents users from employing third-party software that could help to recover some encrypted files if the Shadow Copies are safe. Additionally, the malware can destroy the Windows hosts file in order to prevent users from accessing cybersecurity-related websites and forums.

BBOO ransomware is a file-encrypting cyber threat that uses the AES-256 cipher to lock up files and documents on the infected Windows PC

When you remove BBOO ransomware from your Windows computer system, do not forget to eliminate the hosts file too; otherwise, the access can remain blocked. For the elimination process of the malware, you should use only reliable antimalware programs that are capable of dealing with such complex cyber threats. Also, if you have discovered any damage that was brought to your Windows device by BBOO ransomware, try repairing the affected objects with Reimage or Reimage Cleaner.
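To see which hosts file entries are doing the blocking before you replace the file, the check below parses hosts-file text and lists every name pinned to a loopback or unspecified address. It is an added example, not part of the original guide; the sample content and the .example host names are constructed, and on Windows the file normally lives at %SystemRoot%\System32\drivers\etc\hosts.

```python
import ipaddress

BENIGN_NAMES = {"localhost"}  # names a stock hosts file may pin to loopback

# Constructed sample; the .example names are placeholders, not from the page.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       forum.security-site.example   # constructed blocking entry
0.0.0.0         www.av-vendor.example update.av-vendor.example
10.0.0.5        intranet.corp.example
not-an-ip       ignored.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every valid mapping in hosts text."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, not a mapping
        for host in fields[1:]:
            yield no, ip, host.lower().rstrip(".")


def blocked_entries(text):
    """Return (line_no, hostname) pairs pinned to loopback or 0.0.0.0/::."""
    return [(no, host) for no, ip, host in parse_hosts(text)
            if (ip.is_loopback or ip.is_unspecified) and host not in BENIGN_NAMES]


def cleaned_hosts(text):
    """Return hosts text with the blocked names removed, other lines untouched."""
    flagged = {}
    for no, host in blocked_entries(text):
        flagged.setdefault(no, set()).add(host)
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if no not in flagged:
            out.append(raw)
            continue
        fields = raw.split("#", 1)[0].split()
        keep = [h for h in fields[1:] if h.lower().rstrip(".") not in flagged[no]]
        if keep:                                # e.g. "127.0.0.1 localhost bad"
            out.append(fields[0] + " " + " ".join(keep))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for no, host in blocked_entries(SAMPLE_HOSTS):
        print(f"line {no}: {host} is blocked")
```

Review the flagged names before removing them, because ad-blocking hosts files use the same 0.0.0.0 mapping on purpose.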

BBOO ransomware might infiltrate other malicious strings into the infected system by making it vulnerable to additional infections and opening the backdoors. STOP ransomware variants are known for the distribution of AZORult Trojan virus, so this version might also be capable of the same thing. If a trojan appears on your computer system, you are likely to experience multiple software damage, overuse of the CPU, data and monetary thefts, etc. 

A little bit about file encryption and possible recovery techniques

Djvu ransomware variants sometimes employ offline encryption keys rather than online ones, and we are going to explain the difference between them. When the targeted device is infected, the malware checks whether it can successfully connect to a C&C server. If BBOO ransomware succeeds in this task, it employs an online key and starts locking up all the data found. Such keys differ for each victim and are held on remote servers that are accessible only to the crooks.

However, if BBOO ransomware finds out that it cannot successfully connect to a Command and Control server, it employs an offline key that is the same for every victim. If you are not sure what type of key was used for the encryption, you should check your personal ID that is placed in the C:/SystemID/ directory in the PersonalID.txt text file. Stored keys that end with t1 are a sign that an offline key was used and you have chances of recovering at least some of your files.

Sadly, it is more likely that BBOO ransomware uses online keys, and you are likely to have some trouble with the data recovery process. Emsisoft experts have provided a Djvu decrypter that works for offline key versions and those other variants that were released before August 2019.[4] However, this does not mean that you have to rush to pay cybercriminals the demanded price that can reach even up to $980 if you are more than three days late.
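The ID check described above can be scripted together with an inventory of what was hit. The following is an added example, not part of the original guide: it classifies each ID in PersonalID.txt by the t1 suffix and lists .bboo files and _readme.txt notes under a folder. The function names and the "mixed" result for a file holding several IDs are assumptions of this sketch.

```python
import os
from pathlib import Path

ENCRYPTED_EXT = ".bboo"      # extension appended to locked files (from the page)
NOTE_NAME = "_readme.txt"    # ransom note file name (from the page)
DEFAULT_ID_FILE = r"C:\SystemID\PersonalID.txt"  # location given on the page


def classify_ids(text):
    """Map each ID in PersonalID.txt to 'offline' (ends with t1) or 'online'."""
    ids = {}
    for line in text.splitlines():
        pid = line.strip()
        if pid:
            ids[pid] = "offline" if pid.endswith("t1") else "online"
    return ids


def triage(root, id_file=DEFAULT_ID_FILE):
    """Inventory locked files and ransom notes under root and classify the IDs."""
    locked, note_dirs = [], []
    for dirpath, _dirs, files in os.walk(root):  # unreadable folders are skipped
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # report.docx.bboo -> report.docx (the pre-encryption name)
                locked.append(os.path.join(dirpath, name[: -len(ENCRYPTED_EXT)]))
            elif lower == NOTE_NAME:
                note_dirs.append(dirpath)
    try:
        ids = classify_ids(Path(id_file).read_text(errors="replace"))
    except OSError:
        ids = {}  # ID file missing or unreadable: key type stays unknown
    kinds = set(ids.values())
    if not kinds:
        key_type = "unknown"
    elif len(kinds) == 1:
        key_type = kinds.pop()
    else:
        key_type = "mixed"  # assumption: the file may list more than one ID
    return {"key_type": key_type, "ids": ids,
            "locked": sorted(locked), "note_dirs": sorted(note_dirs)}


if __name__ == "__main__":
    report = triage("C:\\")
    print(report["key_type"], "key,", len(report["locked"]), "locked files")
    for folder in report["note_dirs"]:
        print("ransom note in", folder)
```

Both arguments are plain paths, so the same call works against a mounted disk image or a backup copy instead of the live C: drive.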

BBOO ransomware developers are orientated towards their own business and these people do not really care about the victims or their files. There is a big chance that you will get scammed by these people if you decide to pay them. They might provide you with a fake tool or give no key at all. Rather than taking such risk, go to the end of this article where you will find data recovery possibilities provided by our experts. If completed as required, these steps might be really helpful.

BBOO ransomware is the 205th version of Djvu ransomware

Hacked RDPs and phishing emails are the main malware carriers

According to cybersecurity specialists from NoVirus.uk,[5] ransomware infections are delivered through various stealth techniques. However, one of the most popular ransomware distribution sources is email spam. Phishing messages often come with attachments or hyperlinks that carry the malicious payload. Crooks often pretend to be from reliable companies and carry banking details, canceled flight notices, order information, ticket processing, and similar.

If you have received a bogus email and you are not sure where it has come from, better delete it and definitely do not open any attached files. If you have already downloaded the document, do not open it without performing a thorough malware scan first. Also, you should check for possible grammar mistakes in the email message as all reputable companies would make sure that their notifications are delivered without any mistakes in them.

Furthermore, a ransomware-related payload can reach the computer system through hacked RDP, for example, on TCP port 3389. Criminals look for RDP that has easily guessable passwords or no security codes at all. This way hackers are able to break through the very weak security barrier and install ransomware on the device remotely.

However, ransomware infections can also arrive through cracks of software that are loaded on peer-to-peer websites such as The Pirate Bay, eMule, BitTorrent. Also, malware developers can exploit various system flaws that are related to the operating system, web browsers, services such as Microsoft Office, and all types of third-party apps.

You should avoid downloading products, services, and software from unknown sources as there is a high risk of malware infection. Get all of your things from reliable developers and their official web pages. Furthermore, make sure that all of your software, OS, and other services are always updated to avoid possible flaws. Last but not least, make sure to employ reliable antimalware software that will scan your Windows computer system once in a while and provide malware protection.

Tips on BBOO ransomware removal process

BBOO ransomware removal is the first step that you should complete if you want to free your Windows computer from the dangerous infection and have a chance of recovering at least some of your files. You should employ a reliable antimalware program that will complete the entire job for you, search your whole computer system for malicious products and make sure that the malware is gone together with all the additional content that it has brought.

When you remove BBOO ransomware from your device, it is time to search for possible damage. You can try using software such as SpyHunter 5, Combo Cleaner, or Malwarebytes for discovering the corrupted areas. When the results come, you can try repairing the damage with the help of Reimage or Reimage Cleaner. Afterward, you can continue with data recovery techniques that are provided at the end of this article. Make sure to complete each step as required to achieve the best results possible.


To remove BBOO virus, follow these steps:

Remove BBOO using Safe Mode with Networking

To diminish all of the malicious changes on your Windows operating system that were performed by the ransomware virus, apply the following steps and boot your computer in Safe Mode with Networking.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.
  • Step 2: Remove BBOO

    Log in to your infected account and start the browser. Download Reimage, Reimage Cleaner, or another legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete BBOO removal.

If your ransomware is blocking Safe Mode with Networking, try the next method.

Remove BBOO using System Restore

To deactivate the ransomware virus and disable all malicious settings on your Windows device, you should reboot your machine via System Restore. If you do not know how to do this, follow the guide provided below.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When a new window shows up, click Next and select your restore point that is prior to the infiltration of BBOO. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download and scan your computer with Reimage or Reimage Cleaner and make sure that BBOO removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove BBOO from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

.bboo files are a sign that BBOO ransomware virus has made an impact on your files and documents. Rather than risking being scammed by paying the ransom, you should try out the following data recovery techniques.

If your files are encrypted by BBOO, you can use several methods to restore them:

Employ Data Recovery Pro to restore some files

If the ransomware virus has locked your files and documents, you might have a chance of bringing them back to their previous positions with the help of this software. Complete all the steps as required to succeed at your best.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by BBOO ransomware;
  • Restore them.

Using Windows Previous Versions feature might allow you to recover data

If you have booted your computer via System Restore in the past, this method might help you to restore at least some of your files.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Shadow Explorer is a piece of software for file recovery

You can try restoring your files back to normal with this tool. However, make sure that the ransomware virus did not destroy the Shadow Volume Copies of your encrypted files, otherwise, this method might not work.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Currently, cybersecurity experts are still working on the decryption tool.

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from BBOO and other ransomware, use a reputable anti-spyware, such as Reimage, Reimage Cleaner, SpyHunter 5, Combo Cleaner, or Malwarebytes.

About the author

Lucia Danes - Virus researcher
