Do you know what BOMBO Ransomware is?
The name of BOMBO Ransomware might be intimidating, but when you dissect this malware, you realize that it is just a regular file-encrypting threat that cybercriminals made up to extort money from Windows users. This particular infection is part of the Dharma/Crysis ransomware family, and hundreds of unique threats belong to it already. Some of them include GTF Ransomware, NCOV Ransomware, and SepSys Ransomware. The good news is that free Crysis and Dharma decryptors have been created by researchers; however, we cannot promise that you will be able to restore your personal files using them. Unfortunately, the decryptor proposed by the attackers behind the threat certainly cannot be trusted, and so you do not have many options to choose from. Continue reading to learn more about that and, of course, to learn how to remove BOMBO Ransomware.
When did you first discover BOMBO Ransomware? It is unlikely that you found this malware before your personal files were encrypted, because that would have given you the chance to stop and delete it. Unfortunately, it can be distributed in stealthy ways, and you might not notice when that happens at all. In some cases, the launchers of ransomware are disguised as harmless spam email attachments. In other cases, they are hidden in bundled downloaders. Once the launcher of BOMBO Ransomware is in, it encrypts all personal files and attaches the “.id-*.[Bit_decrypt@protonmail.com].BOMBO” extension to all of their names, where the asterisk stands for a unique ID. This extension might be the first sign of malware. However, you are most likely to learn about the attack via the “Bit_decrypt@protonmail.com” window launched after encryption. This window can be closed, but the message displayed in it might capture your attention first.
According to the message displayed by BOMBO Ransomware, all encrypted files can be recovered if you follow the instructions to send a unique ID code to Bit_decrypt@protonmail.com. Obviously, no one would give you a decryptor if you just sent an email. If you did that, the attackers would then instruct you to pay money in return for a decryption tool. While that might seem like a good enough deal – and that depends on the size of the ransom – we do not recommend paying the ransom. The reason for that is simple: the attackers are not obligated to give you anything in return. Once you transfer your savings into the attackers’ pockets, you will be stuck. No one can force the attackers to give you a decryptor or send your money back. This is why we hope that the free decryptor will work for you or that you have backups that can replace the corrupted files. If you have either option, you must delete BOMBO Ransomware first.
We cannot promise you that you will be able to remove BOMBO Ransomware completely by following the guide below. As you can see, some components have random names and unknown locations. Of course, if you are able to successfully delete BOMBO Ransomware manually, you should not hesitate to start the process right away. But won’t that make it impossible to use the decryptor provided by the attackers? We doubt that you would obtain that decryptor anyway, and that is why we do not recommend contacting the attackers and paying the ransom. If you are unable to remove the threat yourself, the best thing you can do is install an anti-malware tool. In fact, this is the best option in any case. The tool will automatically erase malware components and also help you protect your system against new threats in the future. After the infection is erased, use a free decryptor or your own backups to restore/replace the corrupted files.
Remove BOMBO Ransomware
- Open File Explorer by tapping ALT and F keys at the same time.
- Enter %APPDATA% into the field at the top to access the directory.
- Delete the file named Info.hta.
- Enter %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ into the field at the top.
- Delete the file named Info.hta and also a malicious {random name}.exe file.
- Check the following directories for recently downloaded malware files (delete them if found):
  - %TEMP%
  - %USERPROFILE%\Desktop
  - %USERPROFILE%\Downloads
- Exit File Explorer and then Empty Recycle Bin.
- Install a trusted malware scanner.
- Perform a full system scan to check for malware components you might have missed.
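The checks in the list above, written as a read-only PowerShell triage script. This is an added example, not part of the original guide; it reports what it finds and deletes nothing. The 7-day window and the list of file types are assumptions.

```powershell
# Added example: read-only triage for the artifacts named in this guide. Nothing is deleted.
$days    = 7                                              # assumption: what counts as "recently downloaded"
$types   = '.exe', '.hta', '.js', '.vbs', '.scr', '.bat'  # assumption: file types worth reviewing
$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'

# Ransom note copies (Info.hta) in the two locations from the guide.
$notes = @($env:APPDATA, $startup) |
    ForEach-Object { Join-Path $_ 'Info.hta' } |
    Where-Object { Test-Path -LiteralPath $_ }

# Every executable in the per-user Startup folder, with hash and signature status,
# because the malicious file has a random name and cannot be matched by name.
$startupExe = Get-ChildItem -LiteralPath $startup -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime,
        @{ Name = 'SHA256';    Expression = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } },
        @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status } }

# Recently written executables and scripts in %TEMP%, Desktop and Downloads.
$cutoff = (Get-Date).AddDays(-$days)
$recent = @($env:TEMP, "$env:USERPROFILE\Desktop", "$env:USERPROFILE\Downloads") |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-ChildItem -LiteralPath $_ -File -Force -ErrorAction SilentlyContinue } |
    Where-Object { $_.LastWriteTime -ge $cutoff -and $types -contains $_.Extension } |
    Select-Object FullName, LastWriteTime, Length

# Files renamed with the ".id-*.[Bit_decrypt@protonmail.com].BOMBO" suffix.
# A regex is used because "[" and "]" are wildcard characters for -like and -Path.
$suffix = '\.id-(?<id>.+?)\.\[Bit_decrypt@protonmail\.com\]\.BOMBO$'
$encrypted = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        if ($_.Name -match $suffix) {
            [pscustomobject]@{ FullName = $_.FullName; VictimId = $Matches['id'] }
        }
    }

# One summary object; review it before deleting anything by hand.
[pscustomobject]@{
    RansomNotes        = $notes
    StartupExecutables = $startupExe
    RecentFiles        = $recent
    EncryptedCount     = @($encrypted).Count
    VictimIds          = @($encrypted | Select-Object -ExpandProperty VictimId -Unique)
    EncryptedSample    = @($encrypted | Select-Object -First 5 -ExpandProperty FullName)
} | Format-List
```

Run it as the affected user, since %APPDATA% and %USERPROFILE% resolve per account.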
In non-techie terms:
There is no doubt that BOMBO Ransomware is a dangerous threat, and that becomes clear as soon as this malware slithers into your operating system and silently encrypts all of your personal files. Unfortunately, once files are encrypted, they cannot be read, and that is when the attackers strike. They deliver a misleading message claiming that all files can be restored after the victim contacts the attackers and, most likely, pays a ransom. Hopefully, you are not tricked by this scam. We recommend deleting BOMBO Ransomware without delay. If you cannot do that yourself, or if you are worried about your system’s protection in the future, we advise installing legitimate anti-malware software. Once your system is clean and protected, replace the corrupted files with backups, or give the free decryptor a try.