Boom ransomware (Bonus: Decryption Steps) - Free Instructions

Boom virus Removal Guide

What is Boom ransomware?

Boom ransomware is a cyber threat that encrypts your data and demands payment to restore it

Boom ransomware virus is a threat that reveals little to no information about the encryption process but demands, in its ransom note, that victims contact the developers.

Boom ransomware is a cryptovirus that appends the .boom file extension to every encrypted file. The original file name is not changed; the extension is added after the name of the photo, document or audio file. The contents of the file, however, are changed during encryption, in which a military-grade algorithm is used to make your data unreadable.[1] When the virus has finished encrypting files, it generates a ransom note and places it on the system. HOW TO DECRYPT FILES.txt contains a ransom message that encourages people to pay the demanded ransom to get their files restored. Additionally, the virus displays a GUI window that resembles Desktop ransomware. It also changes your desktop wallpaper and delivers payment information in yet another program window. These two ransomware threats might be associated or just similar, but you shouldn't consider paying the creators because the alleged decryption is often only a lie.[2]

Name: Boom ransomware
Type: Cryptovirus
Ransom note: HOW TO DECRYPT FILES.txt
Encryption algorithm: AES-256
File extension: .boom
Additional changes: Changed desktop wallpaper, delivered program windows
Main executable: BooM.exe
Distribution: Spam email attachments
Elimination: Remove Boom ransomware and clean the virus damage using FortectIntego

Boom ransomware virus encrypts files in commonly used formats such as documents, photos, archives, music and video files. Once the contents are changed, the data becomes unusable, and every file gets the .boom extension appended to the end of its original name.

For the encryption, Boom ransomware uses the AES-256 algorithm. It additionally erases the Shadow Volume Copies on the Windows operating system, which makes data recovery even more difficult. The virus is also designed to make alterations in the registry so that the threat stays persistent.

Unfortunately, there is no official decryption tool for this virus yet, so you should focus on malware removal and then employ file recovery software to restore lost data. You can remove Boom ransomware by employing a reputable anti-malware tool for the job. Then follow up with a full system scan using repair tools like FortectIntego, so virus damage can be eliminated.

Boom ransomware encrypts files and then opens a ransom note with further payment instructions. The main text file called HOW TO DECRYPT FILES.txt displays the following:

Oooooops All your files have been encrypted
And to encode the files, enter the password
to get a password
Search in Facebook
My name = Mohamed Naser Ahmed
my ID = 100027091457754
see you soon

Additionally, Boom ransomware creates a few program windows with encouragement to pay the ransom and changes the desktop wallpaper to a picture which states:

ooooops You have been infected with @ virus Boom Ransomeware
All your files have been encrypted To decrypt the encoder, enter PIN
To show you the password to decrypt files
see you soon

Researchers[3] cannot stress enough how important it is to stay away from these criminals and avoid any contact. You should proceed with Boom ransomware removal as soon as possible and then clean the system further to make sure it is clean enough for data recovery.

The best option for files encrypted by Boom ransomware virus is to replace them from data backups on external devices or cloud services. If you have no properly backed-up files, we suggest a few data recovery software solutions down below as well as tips for malware elimination.
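To scope the damage before restoring from backup, the indicators in the summary table can be turned into a read-only inventory. The following is an added example, not part of the original guide: it lists ransom notes and copies of the main executable, strips the appended .boom extension to recover each original file name, and checks whether that name exists in a backup. The function names, the demo tree and the assumption that the backup mirrors the live folder layout are hypothetical.

```python
import tempfile
from pathlib import Path

# Indicators taken from the summary table on this page.
ENCRYPTED_SUFFIX = ".boom"
RANSOM_NOTE = "how to decrypt files.txt"   # compared case-insensitively
MAIN_EXECUTABLE = "boom.exe"               # page lists it as BooM.exe


def triage(root, backup_root=None):
    """Classify files under `root`; paths in the report are relative to it.

    Assumption: the backup under `backup_root` mirrors the live tree's layout.
    """
    root = Path(root)
    report = {"notes": [], "executables": [], "restorable": [], "no_backup": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel, lower = path.relative_to(root), path.name.lower()
        if lower == RANSOM_NOTE:
            report["notes"].append(rel)
        elif lower == MAIN_EXECUTABLE:
            report["executables"].append(rel)
        elif lower.endswith(ENCRYPTED_SUFFIX) and lower != ENCRYPTED_SUFFIX:
            # The extension is appended after the original name, so
            # stripping it gives the name to look for in the backup.
            original = rel.with_name(path.name[: -len(ENCRYPTED_SUFFIX)])
            backed_up = backup_root is not None and (Path(backup_root) / original).is_file()
            report["restorable" if backed_up else "no_backup"].append(original)
    return report


def build_demo_tree():
    """Constructed sample: two encrypted files, a backup that holds only one."""
    base = Path(tempfile.mkdtemp())
    live, backup = base / "live", base / "backup"
    (live / "Docs").mkdir(parents=True)
    (backup / "Docs").mkdir(parents=True)
    for rel in ("Docs/report.docx.boom", "Docs/photo.jpg.boom",
                "HOW TO DECRYPT FILES.txt", "BooM.exe", "notes.txt"):
        (live / rel).write_bytes(b"constructed sample")
    (backup / "Docs" / "report.docx").write_bytes(b"clean copy")
    return live, backup


if __name__ == "__main__":
    live, backup = build_demo_tree()
    for key, items in triage(live, backup).items():
        print(f"{key}: {[str(p) for p in items]}")
```

The script only reads the file system; run it after the malware has been removed, and treat the "no_backup" list as the set of files that would need one of the recovery methods described later in this guide.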

The .boom file extension virus is malware that focuses on file-locking for the purpose of demanding ransom from victims.

Ransomware gets distributed around the internet using spam email attachments

The main ransomware spreading technique is spam email attachments: infected files get attached to a legitimate-looking email and distributed around the internet in a matter of seconds. A payload dropper can be loaded on the system automatically when you open a ZIP or EXE file from the email, or other malware can spread the infection further.

When you get an email that you weren't expecting, don't rush to open it immediately. You may need to double-check whether the sender is familiar and what the purpose of the email is in the first place. You should avoid opening files or links from these questionable emails. It is even better to delete them after receiving them.

However, you can scan the file before opening on the device and check if the document itself is malicious or not. Also, often malicious actors disguise their products behind well-known names of services like PayPal or FedEx. If you get an email from the company you are not using, make sure to pay close attention to the email before opening it on the computer.

Terminate Boom ransomware and make sure to clean virus damage too

For the best Boom ransomware removal results, you should employ reputable anti-malware tools and scan the system thoroughly. This way you can be sure that all related files and programs get deleted from the computer during a system clean. You can use FortectIntego, SpyHunter 5, Combo Cleaner, or Malwarebytes for the job.

You need to make sure that you remove Boom ransomware from the system, so reboot the device before running a full system scan; by doing so you can be sure that the ransomware is not blocking your anti-malware tool. Remember that a cryptovirus can encrypt your data again if it is not properly removed.

Make sure to clean Boom ransomware virus damage after the malware termination if you want to use data backups later. If you are not sure that the computer is clear you can lose your data permanently.

Getting rid of Boom virus. Follow these steps

Manual removal using Safe Mode

If you want to make sure that anti-malware tools are working properly, reboot your machine in Safe Mode with Networking and then remove Boom ransomware using your trustworthy antivirus tool.

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list.

Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot.
  7. Go to Advanced options.
  8. Select Startup Settings.
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking.

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
  5. Go back to the process, right-click and pick End Task.
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Boom using System Restore

Use System Restore feature and get rid of Boom ransomware this way

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start > Shutdown > Restart > OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot > Advanced options > Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When a new window shows up, click Next and select your restore point that is prior to the infiltration of Boom. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Boom removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove Boom from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Boom, you can use several methods to restore them:

If you have no backups, you should use Data Recovery Pro as an alternative

You can use Data Recovery Pro to restore files encrypted by Boom ransomware. This program should also work for accidentally deleted data.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Boom ransomware;
  • Restore them.

Try Windows Previous Versions feature for Boom ransomware encrypted data

If System Restore was enabled before, you could use Windows Previous Versions

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Decryption tool for Boom ransomware is not developed yet

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Boom and other ransomware, use a reputable anti-spyware tool, such as FortectIntego, SpyHunter 5, Combo Cleaner or Malwarebytes.

How to prevent getting ransomware

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Jake Doevan - Computer technology expert
