Boooom ransomware (virus) - Recovery Instructions Included
Boooom virus Removal Guide
What is Boooom ransomware?
Boooom ransomware asks for Bitcoins in exchange for a decryption key
Boooom belongs to a category of malware known as ransomware – one of the most dangerous computer threats around. Once installed on a Windows computer or on a network, it infects the related systems and then begins the encryption process of files using a strong encryption algorithm.
During this process, all pictures, documents, videos, and other files are appended with a .[monster666@tuta.io].boooom extension. Modifications can also be noticed by the fact that all personal files are stripped from their original icons, and blank ones are shown instead. Such data becomes no longer readable, which renders it useless for its owners.
In order to decode these files, users are asked to contact cybercriminals behind the attack via monster666@tuta.io email or Telegram (@Online7_365). Note that this contact email is also used within the extension of the locked files and might change in the later versions of the Boooom virus.
All the relevant information is compiled in a file titled decrypt_info.txt, which can be opened on a Notepad or other application. It serves as a note from hackers, who demand to pay Bitcoins in exchange for a decryption tool that allegedly is supposed to decrypt all the data.
However, since this strain is relatively new (it was first spotted in early September 2021) and it is not known who the developers are, there is no guarantee or examples where victims managed to retrieve the required decryption software from the attackers. Hence, we strongly recommend avoiding any contact with the criminals.
Instead, we will explore alternative methods that could hopefully help you restore at least some portion of your data. But before that, there are several important steps that need to be done – check them all below.
Name | Boooom ransomware |
---|---|
Type | Ransomware, data locking malware |
File extension | .boooom, along with user ID and the contact email |
Ransom note | decrypt_info.txt |
Contact | Email monster666@tuta.io or Telegram @Online7_365 |
File Recovery | If no backups are available, recovering data is almost impossible. Nonetheless, we suggest you try the alternative methods that could help you in some cases – we list them below |
Malware removal | Perform a full system scan with powerful security software, such as SpyHunter 5Combo Cleaner, Malwarebytes |
System fix | Malware can seriously tamper with Windows systems, causing errors, crashes, lag, and other stability issues after it is terminated. To remediate the OS and avoid its reinstallation, we recommend scanning it with the FortectIntego repair tool |
It is yet unknown which attack vectors cybercriminals use to spread the virus. According to security experts, there could be many different ways how victims get infected – here are a few examples:
- Spam email attachments of hyperlinks
- Malicious ads and fake updates
- Software cracks, torrents, repacked installers
- Software vulnerabilities, etc.
While you can no longer undo the infection of Boooom ransomware, you should take adequate measures to ensure that you don't get infected in the future. For that, be more careful when browsing the web (stop visiting high-risk websites and never download pirated programs), apply all the available software updates, and, most importantly, install a powerful anti-malware tool such as SpyHunter 5Combo Cleaner or Malwarebytes.
Once the virus manages to get into a Windows machine, the changes happen instantaneously – it includes system and personal files. For example, malware affects the registry, drops many files, launches new processes while shutting down the others, etc.
These changes might sometimes damage the operating system, and security software would not be able to fix it, which might result in crashes, errors, and other issues. You can then either reinstall Windows or, alternatively, fix the damage done by ransomware with a PC repair tool FortectIntego.
After the infection is complete, users can spot it almost right away – they are not able to open their files anymore, and a ransom note shows up automatically, which reads:
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail monster666@tuta.io
or:
write to us in telegram
hxxps://t.me/Online7_365
or:
@Online7_365
Send us this file
decrypt_info
===========================
Free decryption as a guarantee
Before paying, you can send 1-2 files for free decryption. File format: txt doc pdf jpeg jpg gif png bmp Total file size should not exceed 2 MB (without archive)
===========================
You can buy Bitcoins here: hxxps://localbitcoins.com
Or use the search how to buy Bitcoins in your country
===========================
IMPORTANT!!!
Remember that your files are encrypted and only WE can recover them!
Do not try to recover yourself, as well as on third-party resources, you will lose your files and money forever!
We recommend you ignore everything that the attackers say and instead proceed with Boooom virus removal. Below you will find a correct course of actions – we will explain how to delete malware and then recover files securely.
Step 1. Disconnect your PC from the internet
Once ransomware finishes its job, it is likely to connect to a remote server for various reasons, e.g., the attackers might send additional modules or updates. This step is particularly important in the corporate environment, although it seems that this strain mainly targets home users.
The easiest way to disconnect from the internet is by switching it off via the taskbar or by pulling out the ethernet cable. If your computer is connected to a network, follow these steps:
- Type in Control Panel in Windows search and press Enter
- Go to Network and Internet
- Click Network and Sharing Center
- On the left, pick Change adapter settings
- Right-click on your connection (for example, Ethernet), and select Disable
- Confirm with Yes.
Keep in mind that you should also disconnect from cloud storage services such as OneDrive, as well as external storage devices (USB sticks, external hard drives, etc.).
Step 2. Remove malware
If you are a victim of ransomware, it is important to employ anti-malware software for its removal. Even if the ransomware self-destructs after encrypting your files, malware might still be present and operating in conjunction with other malicious programs. This could lead to further damage and loss of personal information such as banking credentials and login details.
To avoid this scenario, we recommend employing an antivirus program that can remove all traces of malware from your computer system by scanning it thoroughly before any more damage is done. While most malware can be eradicated in a normal mode, some infections might be more stubborn.
If ransomware is impeding the security tool's function, you can access the Safe Mode environment and perform the scan from there.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on the Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find the Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Click Restart.
- Press 5 or click 5) Enable Safe Mode with Networking.
After reaching Safe Mode, launch SpyHunter 5Combo Cleaner, Malwarebytes, or another antivirus, update it with the latest definitions and perform a full system scan to remove malware and all its components from the system.
Step 3. Backup encrypted files
It goes without saying that the easiest way to restore your files is by using backups. Unfortunately, most ransomware victims fail to use this precautionary measure, and once the infection has begun, it is too late to save one's files. if you need tips on how to backup your data in the most efficient way, we have some tips for you at the bottom of this post, so scroll down if required.
You can also use these steps to backup currently encrypted files. This is very important, as, if you proceed with data recovery immediately, you might corrupt it for good (note that ransomware does not corrupt your files but rather puts it behind a sophisticated key, only accessible to cybercriminals).
Security experts are known to work on decryption tools for major ransomware strains. In some cases, flaws within the encryption process can be found or criminals' servers seized by the lay authority agencies. In any case, you could look for decryptors on the following pages, although keep in mind it might take a while until there's a working one made.
- No More Ransom Project
- Free Ransomware Decryptors by Kaspersky
- Free Ransomware Decryption Tools from Emsisoft
- Avast decryptors
Step 4. Use data recovery software
Data recovery software could help you in some situations (it highly depends on the encryption algorithm used, whether ransomware managed to complete its tasks, etc.). Therefore, it is impossible to tell whether this method will work for you, although you should definitely try.
Install data recovery software
- Download Data Recovery Pro.
- Double-click the installer to launch it.
- Follow on-screen instructions to install the software.
- As soon as you press Finish, you can use the app.
- Select Everything or pick individual folders where you want the files to be recovered from.
- Press Next.
- At the bottom, enable Deep scan and pick which Disks you want to be scanned.
- Press Scan and wait till it is complete.
- You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
- Press Recover to retrieve your files.
Finally, you always have a choice to cooperate with the attackers. However, we strongly discourage you from doing so, as you might not only lose your files but also your money. Cybercriminals often ask for large sums for decryption, and even fail to provide the promised tool after the payment is made.
Getting rid of Boooom virus. Follow these steps
Create data backups to avoid file loss in the future
One of the many countermeasures for home users against ransomware is data backups. Even if your Windows get corrupted, you can reinstall everything from scratch and retrieve files from backups with minimal losses overall. Most importantly, you would not have to pay cybercriminals and risk your money as well.
Therefore, if you have already dealt with a ransomware attack, we strongly advise you to prepare backups for future use. There are two options available to you:
- Backup on a physical external drive, such as a USB flash drive or external HDD.
- Use cloud storage services.
The first method is not that convenient, however, as backups need to constantly be updated manually – although it is very reliable. Therefore, we highly advise choosing cloud storage instead – it is easy to set up and efficient to sustain. The problem with it is that storage space is limited unless you want to pay for the subscription.
Using Microsoft OneDrive
OneDrive is a built-in tool that comes with every modern Windows version. By default, you get 5 GB of storage that you can use for free. You can increase that storage space, but for a price. Here's how to setup backups for OneDrive:
- Click on the OneDrive icon within your system tray.
- Select Help & Settings > Settings.
- If you don't see your email under the Account tab, you should click Add an account and proceed with the on-screen instructions to set yourself up.
- Once done, move to the Backup tab and click Manage backup.
- Select Desktop, Documents, and Pictures, or a combination of whichever folders you want to backup.
- Press Start backup.
After this, all the files that are imported into the above-mentioned folders will be automatically backed for you. If you want to add other folders or files, you have to do that manually. For that, open File Explorer by pressing Win + E on your keyboard, and then click on the OneDrive icon. You should drag and drop folders you want to backup (or you can use Copy/Paste as well).
Using Google Drive
Google Drive is another great solution for free backups. The good news is that you get as much as 15GB for free by choosing this storage. There are also paid versions available, with significantly more storage to choose from.
You can access Google Drive via the web browser or use a desktop app you can download on the official website. If you want your files to be synced automatically, you will have to download the app, however.
- Download the Google Drive app installer and click on it.
- Wait a few seconds for it to be installed.
- Now click the arrow within your system tray – you should see Google Drive icon there, click it once.
- Click Get Started.
- Enter all the required information – your email/phone, and password.
- Now pick what you want to sync and backup. You can click on Choose Folder to add additional folders to the list.
- Once done, pick Next.
- Now you can select to sync items to be visible on your computer.
- Finally, press Start and wait till the sync is complete. Your files are now being backed up.
Report the incident to your local authorities
Ransomware is a huge business that is highly illegal, and authorities are very involved in catching malware operators. To have increased chances of identifying the culprits, the agencies need information. Therefore, by reporting the crime, you could help with stopping the cybercriminal activities and catching the threat actors. Make sure you include all the possible details, including how did you notice the attack, when it happened, etc. Additionally, providing documents such as ransom notes, examples of encrypted files, or malware executables would also be beneficial.
Law enforcement agencies typically deal with online fraud and cybercrime, although it depends on where you live. Here is the list of local authority groups that handle incidents like ransomware attacks, sorted by country:
- USA – Internet Crime Complaint Center IC3
- United Kingdom – ActionFraud
- Canada – Canadian Anti-Fraud Centre
- Australia – ScamWatch
- New Zealand – ConsumerProtection
- Germany – Polizei
- France – Ministère de l'Intérieur
If your country is not listed above, you should contact the local police department or communications center.
Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Boooom and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes
How to prevent from getting ransomware
Choose a proper web browser and improve your safety with a VPN tool
Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.