Zobm Ransomware Removal Guide

Do you know what Zobm Ransomware is?

Zobm Ransomware is not an infection that you can just delete and forget about. Even if you can erase it successfully, it will leave a scar. That is because this threat encrypts files, and once they are encrypted, they cannot be read anymore. At the time of research, we could not confirm whether or not a free decryptor works for all victims of this malware, but our malware analysts note that a Stop Decryptor exists. For the most part, it is only capable of restoring files that are encrypted using an offline key. For now, this is the only free decryptor whose functionality has been proven. Unfortunately, if this tool does not work, some victims might decide to obtain the decryptor presented by cybercriminals. Instead of doing that, you should focus your energy on the removal of Zobm Ransomware.

Our malware experts agree that Zobm Ransomware comes from the STOP Ransomware family, which makes it a clone of Grod Ransomware, Mbed Ransomware, Nakw Ransomware, Toec Ransomware, and a bunch of other threats that were created using the same code and, quite possibly, by the same attackers. The threat is likely to slither in with the help of unreliable software downloaders or spam emails, and if you do not remove it instantly, it will encrypt files. After that, the “.zobm” extension should be added to all of their names. Do not waste your time trying to delete this extension because you cannot restore your files by doing it. Unfortunately, it does not look like you can restore files using the “decrypt tool” proposed by the attackers behind Zobm Ransomware either.
Once all files are encrypted, Zobm Ransomware drops a file named _readme.txt. The purpose of this file is to deliver a message that is meant to convince victims that they can decrypt their files. The conditions are that the victim emails the attackers (datarestorehelp@firemail.cc or datahelp@iran.ir) to gather information necessary for the payment. Then, they need to pay the ransom of $490. After this, the decryption tool should be sent to the victim. Would that happen? That is highly unlikely to be the case. The main goal is to get your money, and it is unlikely that cybercriminals care whether or not you can get your files back. If you can replace the corrupted files with copies stored in backup, you should do that after you delete Zobm Ransomware. If you do not have backups, try using the free decryptor. Even if you decide to take the risk of paying the ransom, you want to exhaust other options first.

As you can see in the guide below, the first step towards the complete removal of Zobm Ransomware is the elimination of the launcher. We do not know where it is, or what its name could be, but if you delete recently downloaded suspicious files, you might successfully eliminate the threat. Other components that must be eliminated include a ransom note file, an ID file, and other ransomware-related files stored in a unique folder. If you choose to delete Zobm Ransomware manually, do not skip the full system scan. Employ a trusted malware scanner and use it to determine whether or not there is anything that you need to eliminate. Better yet, employ an anti-malware tool that will simultaneously erase the threat and also secure your system to keep you safe in the future.

Remove Zobm Ransomware from Windows

  1. Delete recently downloaded files.
  2. Tap keys Win+E to access Explorer.
  3. Enter %homedrive% into the bar at the top.
  4. Delete the file named _readme.txt.
  5. Delete the folder named SystemID if it has the PersonalID.txt file inside.
  6. Enter %localappdata% into the bar at the top.
  7. Delete the [random name] folder that contains ransomware files.
  8. Empty Recycle Bin and install a malware scanner tool you trust.
  9. Perform a full system scan to check for potential leftovers.
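For readers who prefer to confirm what is present before deleting anything by hand, the checks in steps 3 to 7 can be scripted as a read-only triage pass. This is an added example, not part of the original guide: the function name `find_zobm_artifacts`, the 14-day window, and the "recently changed folder holding an .exe" shortlist rule for the randomly named folder are assumptions made for illustration.

```python
import os
import time
from pathlib import Path

NOTE_NAME = "_readme.txt"    # ransom note (step 4)
ID_DIR = "SystemID"          # folder from step 5
ID_FILE = "PersonalID.txt"   # file that must be inside it
ENC_EXT = ".zobm"            # extension added to encrypted files


def find_zobm_artifacts(home_drive, local_appdata, data_dirs=(), recent_days=14):
    """Read-only triage: return paths to review by hand; nothing is deleted."""
    home, appdata = Path(home_drive), Path(local_appdata)
    found = {"ransom_notes": [], "id_folders": [],
             "recent_exe_folders": [], "encrypted_files": []}
    if (home / NOTE_NAME).is_file():
        found["ransom_notes"].append(str(home / NOTE_NAME))
    if (home / ID_DIR / ID_FILE).is_file():
        found["id_folders"].append(str(home / ID_DIR))
    # Steps 6-7: the folder name is random, so it can only be shortlisted.
    # Assumed heuristic: changed within recent_days and holds an .exe directly.
    cutoff = time.time() - recent_days * 86400
    for entry in sorted(appdata.iterdir()):
        try:
            if entry.is_dir() and entry.stat().st_mtime >= cutoff and any(
                    p.suffix.lower() == ".exe" for p in entry.iterdir()):
                found["recent_exe_folders"].append(str(entry))
        except OSError:
            continue  # unreadable folder: skip it, leave it for the scanner
    # Inventory encrypted files so they can be matched against backups.
    for base in data_dirs:
        for dirpath, _dirs, files in os.walk(base):
            found["encrypted_files"] += sorted(
                os.path.join(dirpath, f) for f in files
                if f.lower().endswith(ENC_EXT))
    return found


if __name__ == "__main__":
    # %homedrive% is "C:" without a slash; add one to address the drive root.
    root = os.environ.get("HOMEDRIVE", "C:") + "\\"
    report = find_zobm_artifacts(root, os.environ["LOCALAPPDATA"],
                                 [Path.home() / "Documents"])
    for kind, paths in report.items():
        print(f"{kind}: {len(paths)}")
        for path in paths:
            print("   ", path)
```

The shortlist of folders will include legitimate software that updated recently, so treat it as a list to inspect, not a list to delete, and still run the full system scan from step 9.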

In non-techie terms:

Although Zobm Ransomware invades operating systems silently, you might feel as if a bomb exploded once you discover this threat. That is because it fully encrypts personal files, and they cannot be restored manually. The threat comes from the STOP Ransomware family, and although a free STOP decryptor exists, we cannot know whether or not you will be able to use it to restore your own files. We hope that you have copies of files in backup and that you can use them to replace the corrupted files after you delete Zobm Ransomware. You might be able to get rid of this malware yourself, but if you cannot locate its components and if you need help securing your Windows operating system in the future, we strongly recommend implementing legitimate and up-to-date anti-malware software.