BBOO Ransomware Removal Guide

Do you know what BBOO Ransomware is?

BBOO Ransomware is yet another infection from the STOP Ransomware family. We have discussed many other infections from this family before, and if it’s your first time reading about such a program, you’re in for a good ride. Ransomware programs are extremely annoying and dangerous because, although it is possible to remove them, it is a lot harder to restore the files that have been encrypted. To remove BBOO Ransomware, you can scroll down to the bottom of this description for the manual removal guidelines. Restoring your files, however, can prove to be quite tricky.

The unique thing about programs from the STOP Ransomware family is that it is sometimes possible to decrypt the affected files with a public decryption key. However, please note that not all files can be decrypted. The decryption tool works only if the malware used an offline key to encrypt target files. So, if BBOO Ransomware uses an online key, the public decryption key will not work, unless some researcher cracks the encryption and creates a new public decryption tool that works for BBOO Ransomware. However, that is highly unlikely.

So what are the best ways to restore the encrypted files? For the most part, users have to rely on file backups. A file backup is storage where you save copies of your data. We usually do that on external hard drives. Also, the newest versions of operating systems increasingly encourage users to employ cloud storage systems. Cloud storage is often promoted as one of the best counter-measures against a ransomware attack. Although it is often impossible to restore the encrypted files, you can delete the locked-up files and transfer the healthy copies back onto your computer from the backup storage.

Aside from dealing with BBOO Ransomware, the best way to fight it is to bar it from entering your system in the first place. How can that be possible? Well, we need to learn to recognize the potential ransomware distribution patterns. Usually, ransomware travels via spam email attachments. However, it might also reach you through unsafe RDP connections or through downloads that you get from third-party sources. Either way, ransomware infections involve opening and launching a new file on your computer, and you are the one who does that.

How can BBOO Ransomware and other similar programs trick users into opening dangerous files? Those files are often disguised as important documents. For example, the ransomware installer file might look like an MS Excel document that you supposedly have to check immediately. It might be an “invoice” or an annual financial report, what have you. If you have to deal with an influx of such documents every single day, you might not notice anything off about it. But please bear in mind that ransomware installer files often require you to enable macros so that they can run the malicious code. If you do not “enable content,” BBOO Ransomware and other similar programs would not be able to reach you.

Just like all of its predecessors, BBOO Ransomware clearly runs a full system scan looking for the files it can encrypt. After that, it launches the encryption. It doesn’t take long, and when the encryption is complete, the infection displays the following ransom note:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.

Please do not purchase the decryption tool from these criminals. They might as well just scram with your money without even bothering to issue the decryption key. What’s more, by paying the ransom, you would encourage these criminals to continue making more programs.

Remove BBOO Ransomware today and then restore your files from a file backup (provided you have one). If you do not have a file backup, you should contact a local professional who can tell you more about the ways you can get your files back. Please do not hesitate to invest in a file backup in the future because that is the best remedy against ransomware infection.

How to Remove BBOO Ransomware

  1. Press Win+R and type regedit. Click OK.
  2. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  3. On the right side, right-click and delete the value with a long random name in the location address.
  4. Use the Win+R combination to access %UserProfile% and %LocalAppData% directories.
  5. Delete the 000x0x0-xxx0-000x-00x0-xxx000xx0xx0 format random name file from both directories.
  6. Delete the script.ps1 file from both directories. Press Win+R again.
  7. Type %WINDIR% and click OK.
  8. Go to System32\Tasks and delete Time Trigger Task.
  9. Run a full system scan with a licensed security tool.
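
The locations named in steps 1 to 8 can be listed before anything is deleted. The following read-only PowerShell audit is an added example, not part of the original guide; the function names are hypothetical, and it assumes the "000x0x0-xxx0-..." placeholder stands for a GUID-like name of letters and digits.

```powershell
# Read-only audit of the locations named in the removal steps above.
# Nothing is deleted; review the output, then remove the items by hand.

# Assumption: the guide's "000x0x0-xxx0-000x-00x0-xxx000xx0xx0" placeholder means
# a GUID-like name of letters and digits in groups of 7 or 8, 4, 4, 4 and 12.
$NamePattern = '[0-9a-z]{7,8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}'

function Get-RunKeyCandidates {
    # Steps 1-3: Run values whose data (the "location address") contains such a name.
    $item = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if (-not $item) { return }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -match $NamePattern) {
            [pscustomobject]@{ Step = '1-3'; Type = 'RunValue'; Name = $name; Detail = $data }
        }
    }
}

function Get-ProfileCandidates {
    # Steps 4-6: GUID-like names and script.ps1 directly under both directories.
    foreach ($dir in @($env:USERPROFILE, $env:LOCALAPPDATA)) {
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match ('^' + $NamePattern) -or $_.Name -eq 'script.ps1' } |
            ForEach-Object {
                [pscustomobject]@{ Step = '4-6'; Type = 'FileOrFolder'; Name = $_.Name; Detail = $_.FullName }
            }
    }
}

function Get-TaskCandidate {
    # Steps 7-8: the task file the guide names under %WINDIR%\System32\Tasks.
    $task = Join-Path $env:WINDIR 'System32\Tasks\Time Trigger Task'
    if (Test-Path -LiteralPath $task) {
        [pscustomobject]@{ Step = '7-8'; Type = 'ScheduledTask'; Name = 'Time Trigger Task'; Detail = $task }
    }
}

$findings = @(Get-RunKeyCandidates) + @(Get-ProfileCandidates) + @(Get-TaskCandidate)
if ($findings.Count -eq 0) { 'No items matching the guide were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it from an elevated PowerShell session so that the System32\Tasks folder is readable. A legitimate program can also use a GUID-like name, so check each listed item before deleting it.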

In non-techie terms:

BBOO Ransomware is a dangerous computer infection. This program can block you from accessing your files, and it will definitely do so. While it is not that complicated to remove BBOO Ransomware, it might be really challenging to restore your files. Therefore, if you feel at a loss, you should consider contacting an IT specialist. It is also possible that some of the files are lost for good, so please do not panic. Ransomware programs are just that dangerous.