Bubble Ransomware Removal Guide

Do you know what Bubble Ransomware is?

Bubble Ransomware is a ransomware-type computer infection dedicated to secretly infecting your computer and encrypting your personal files. It is a highly malicious computer infection, and we recommend that you remove it as soon as possible. We advise you against paying the ransom as the cyber crooks might not give you the decryption tool after you pay. We have received information that there is a free decryption tool now available online that can decrypt your files for free. Therefore, there is no need to comply with the demands of the cybercriminals as you can get your files back free of charge. For more information on this ransomware, please read this whole article.

Our malware analysts have concluded that Bubble Ransomware can be disseminated using malicious email attachments. Its developers may have set up an email server dedicated to sending fake emails with this ransomware included as an attached file. If you open the attached file, then your computer will become infected with Bubble Ransomware. Researchers have found that the file attachment is named “preventivo.pdf.exe”. Note the double extension, which suggests that this file is a PDF file when it is, in fact, an executable (EXE) file. It is also reasonable to assume that its developers use bogus software downloads featured on malicious websites to infect your computer as well. Fake operating system updates and Flash or Java updates are also likely to be used. And, let us not forget fake ads that can initiate the download of this ransomware upon clicking them. In short, there are a lot of ways this ransomware can get onto your computer, so an anti-malware program is a must to ensure your computer’s safety and security.

Researchers say that this particular ransomware can encrypt 42 different file types that include but are not limited to .3gp, .ac3, .accdb, .accdt, .avi, .bmp, .pdf, .png, .rar, .tiff, .txt, .wav, and .xls. It uses an advanced encryption algorithm that ensures strong encryption. The good news is that some malware researchers have managed to exploit vulnerabilities in its source code and create a free decryption tool now available online, so we suggest that you find and use it to recover your files.

However, this ransomware’s developers want you to contact them via email at br5wf@notsharingmy.info, but the emails are forwarded to bubble.lck@gmail.com and then to bubble_lck@hmamail.com. The cyber criminals will probably ask you to send them some money using a cryptocurrency platform. The sum asked for the decryption tool is unknown, but you do not have to pay: the price may not be worth your files, and a free decryption program is already available for this particular ransomware.

Getting rid of this malicious program is vital to ensure your computer’s security, and also because it will run each time you boot your computer up. Research has shown that Bubble Ransomware modifies the Windows Registry so that it runs on system startup. Researchers have revealed that it creates a subkey named [preventivo.pdf] at HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. The value name of this subkey is %path%\preventivo.pdf.exe. This subkey is what is called a Point of Execution (PoE), which is set to run this ransomware on each system startup.
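
The startup entry described above can be checked without changing anything on the system. The following PowerShell is an added example, not part of the original guide or of any vendor tool: it lists the values under the current user's Run key and flags any whose command points to a file with a document-then-executable double extension such as preventivo.pdf.exe. The function names and the two extension lists are assumptions made for illustration.

```powershell
# Added example: read-only audit of the per-user Run key.
# Nothing is deleted or modified; review flagged entries before acting on them.
$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Assumed lists (not from the article): document-looking extensions
# followed directly by an extension that Windows executes.
$decoy = 'pdf', 'doc', 'docx', 'xls', 'xlsx', 'jpg', 'png', 'txt'
$exec  = 'exe', 'scr', 'com', 'bat', 'cmd', 'pif'
$pattern = '\.(' + ($decoy -join '|') + ')\.(' + ($exec -join '|') + ')\b'

function Test-DoubleExtension {
    # True when the text contains e.g. ".pdf.exe" (-match is case-insensitive).
    param([string]$Text)
    return [bool]($Text -match $pattern)
}

function Get-RunEntry {
    # Emits one object per value stored under the Run key.
    param([string]$Path = $runKey)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        # Read the raw string so unexpanded %VARIABLES% remain visible.
        $data = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        [pscustomobject]@{
            Name       = $name
            Command    = $data
            Suspicious = Test-DoubleExtension $data
        }
    }
}

# Constructed sample strings (not real registry data) to show the matcher.
$samples = @(
    '"C:\Users\user\AppData\Roaming\preventivo.pdf.exe"',
    '"C:\Program Files\Vendor\updater.exe" /background',
    'C:\Users\user\Documents\report.v2.pdf'
)
foreach ($s in $samples) {
    '{0,-6} {1}' -f (Test-DoubleExtension $s), $s
}

# Audit the live Run key, flagged entries first.
Get-RunEntry | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

A flagged entry is a lead to verify, not proof of infection; confirm the file path and its origin before removing the value.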

That is all of the information currently available about Bubble Ransomware. Nevertheless, it is enough to conclude that this program is highly malicious. The good news is that you can get a free decryption tool and recover your files if your computer has been infected with this ransomware. We have included a manual removal guide below, but you can also use an antimalware program such as SpyHunter to delete it for you.

Removal Guide

  1. Press Ctrl+Alt+Delete.
  2. Select Task Manager.
  3. Select the Processes tab.
  4. Find the randomly named process that says “preventivo.pdf” in the Description section.
  5. Right-click it and click Open File location.
  6. Go back to the Task Manager.
  7. Right-click the randomly named process and select End Process.
  8. Then, go back to the folder where the file is located.
  9. Right-click it and click Delete.

In non-techie terms:

Bubble Ransomware is a typical ransomware-type computer infection whose objective is to encrypt your personal files and demand money for a decryption tool. It can encrypt many file formats, and it targets file types that are apt to contain sensitive information. We urge you not to comply with the cyber criminals’ demands and to remove it as soon as possible.