BBOO ransomware

BBOO ransomware – the 205th variant of Djvu/STOP ransomware that is currently undecryptable

BBOO ransomware is a dangerous cyber threat that can infiltrate computer systems through email spam, software cracks, hacked RDP, and OS flaws

BBOO ransomware is a dangerous cyber threat that can infiltrate computer systems through email spam, software cracks, hacked RDP, and OS flaws

BBOO ransomware, discovered by Michael Gillespie,^[1] is a recent computer virus that has appeared from the Djvu ransomware family and employs the AES-256 cryptography algorithm for locking up all files discovered. When the malware scans the system for encryptable components and locks up all of them, the .bboo extension is attached to each filename. This is a sign that the data has been locked and reversing it will require another specific key.

Later on, BBOO ransomware places a ransom message named _readme.txt that comes in a Notepad blank and provides monetary demands in exchange for the decryption tool. Criminals ask for a starter price of $490 that needs to be transferred in Bitcoin cryptocurrency within 3 days.

However, if the victims do not manage to fit in this time limit, the ransom amount doubles to $980. Also, these people provide the [email protected] and help [email protected] email addresses for making contact. Keep in mind that this is just a way to convince you to pay the price faster and you should consider not doing it at all due to the risk of getting scammed.

According to VirusTotal information,^[2] the malicious payload of BBOO ransomware has been detected by 50 different antivirus engines out of the total 72. Some of the detection names include Gen:Variant.Mikey.109427, Win32:CrypterX-gen [Trj], A Variant Of Win32/Kryptik.HAYC, Trojan-Ransom.Win32.Stop.kb, Trojan.MalPack.GS, Mal/Generic-S, and others.

Djvu ransomware has been releasing new versions rapidly and .bboo files virus is another one that has shown up at the start of February this year. The malware uses secret delivery techniques such as attacking the targeted computer system via email spam campaigns that pretend to be fake order delivery notifications from reliable companies such as FedEx, DHL, and others. Also, criminals often misuse the vulnerable configuration of RDPs and manage to enter the system remotely.

We have come to the conclusion that BBOO ransomware mostly targets English-speaking users as the ransom note and all its instructions are written in the English language. This way criminals can target a wide range of people as English is the most popular language in the world. However, some other ransomware viruses operate by distributing the same ransom note in different languages depending on where the infected Windows computer system is located.

Once BBOO ransomware plants its malicious payload on the computer system, it starts altering the Windows Registry and Task Manager by adding malicious keys and processes to these directories. This way the malware assures that it is always launched during every computer boot process. Also, some executables allow the ransomware virus to repeatedly scan the system for encryptable files and documents to make sure that there are no components left unlocked.

You can recognize BBOO virus from the .bboo extension that it appends to all of the locked components. For example, if you held a file named report.docx, after the encryption, it would turn to report.docx.bboo. After that, the ransom note appears placed on your desktop and also might be included in every folder that has encrypted documents. Here, take a look at how the entire ransom-demanding note looks like in order to be able to recognize it:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-Oc0xgfzC7q
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:

It is also known that BBOO ransomware seeks to speed up the encryption process by locking up only the first 154kb of the affected file. Furthermore, the malware can lock up any types of documents that are stored not only on the system but also the data that is getting transferred through a remote drive. However, it is known that this ransomware virus does not touch any files and documents that are marked as .dll, .lnk, .ini, .bat, and .sys.

In addition, BBOO ransomware skips various system-related folders such as %AppData%, %Windows%, %Program Files% so that the user would still be able to use the infected Windows computer system for activities such as making the demanded ransom payment, writing the cybercriminals, and so on. These people even offer to recover one simple file (that does not include any important information) for free in order to provide proof of the decryption tool’s existence.

BBOO ransomware might also aim to disable the antivirus software that is lurking on your computer system to prevent detection. So, if the malware is blocking your antimalware program, you might not receive any alerts from it when the infection process starts and proceeds. However, this type of feature will make the BBOO ransomware removal process difficult unless you diminish the malicious changes by booting your PC in Safe Mode with Networking.

Furthermore, BBOO ransomware might target your Shadow Volume Copies^[3] and damage or erase them permanently via PowerShell commands. This type of process prevents users from employing third-party software that could help to recover some encrypted files if the Shadow Copies are safe. Additionally, the malware can destroy the Windows hosts file in order to prevent users from accessing cybersecurity-related websites and forums.

BBOO ransomware is a file-encrypting cyber threat that uses the AES-256 cipher to lock up files and documents on the infected Window PC

BBOO ransomware is a file-encrypting cyber threat that uses the AES-256 cipher to lock up files and documents on the infected Window PC

When you remove BBOO ransomware from your Windows computer system, do not forget to eliminate the hosts file too, otherwise, the access can remain blocked. For the elimination process of the malware, you should use only reliable antimalware programs that are capable of dealing with such complex cyber threats. Also, if you have discovered any damage that was brought to your Windows device by BBOO ransomware, try repairing the affected objects with Reimage Reimage Cleaner .

BBOO ransomware might infiltrate other malicious strings into the infected system by making it vulnerable to additional infections and opening the backdoors. STOP ransomware variants are known for the distribution of AZORult Trojan virus, so this version might also be capable of the same thing. If a trojan appears on your computer system, you are likely to experience multiple software damage, overuse of the CPU, data and monetary thefts, etc. 

A little bit about file encryption and possible recovery techniques

Djvu ransomware variants sometimes employ offline encryption keys rather than online ones and we are going to explain the difference between them. When the targeted device is infected, the malware assures that it can successfully connect to a C&C server. If BBOO ransomware succeeds in this task, it employs and online key and starts locking up all the data found. Such keys differ for each victim and are held on remote servers that are accessible only for crooks.

However, if BBOO ransomware finds out that it cannot successfully connect to a Command and Control servers, it employs an offline tool that is the same for every victim. If you are not sure what type of key was used for the encryption, you should check your personal ID that is placed in the C:/SystemID/ directory in the PersonalID.txt text file. Stored keys that end with t1 are a sign that an offline key was used and you have chances of recovering at least some of your files.

Sadly, it is more possible that BBOO ransomware uses online keys and you are likely to have some trouble with the data recovery process. Emsisoft experts have provided a Djvu decrypter that works for offline key versions and those other variants that were released before August 2019.^[4] However, this does not mean that you have to rush to pay cybercriminals the demanded price that can reach even up to $980 if you are more than three days late.

BBOO ransomware developers are orientated towards their own business and these people do not really care about the victims or their files. There is a big chance that you will get scammed by these people if you decide to pay them. They might provide you with a fake tool or give no key at all. Rather than taking such risk, go to the end of this article where you will find data recovery possibilities provided by our experts. If completed as required, these steps might be really helpful.

BBOO ransomware is the 205th version of Djvu ransomware

BBOO ransomware is the 205th version of Djvu ransomware

Hacked RDPs and phishing emails are the main malware carriers

According to cybersecurity specialists from NoVirus.uk,^[5] ransomware infections are delivered through various stealth techniques. However, one of the most popular ransomware distribution sources is email spam. Phishing messages often come with attachments or hyperlinks that carry the malicious payload. Crooks often pretend to be from reliable companies and carry banking details, canceled flight notices, order information, ticket processing, and similar.

If you have received a bogus email and you are not sure where it has come from, better delete it and definitely do not open any attached files. If you have already downloaded the document, do not open it without performing a thorough malware scan first. Also, you should check for possible grammar mistakes in the email message as all reputable companies would make sure that their notifications are delivered without any mistakes in them.

Furthermore, ransomware-related payload can fall into the computer system through hacked RDPs, for example, the TCP port 3389. Criminals look for RDP that includes easy-guessable passwords or has not security codes at all. This way hackers are able to break through the very weak security barrier and install ransomware on the device remotely.

However, ransomware infections can also arrive through cracks of software that are loaded on peer-to-peer websites such as The Pirate Bay, eMule, BitTorrent. Also, malware developers can exploit various system flaws that are related to the operating system, web browsers, services such as Microsoft Office, and all types of third-party apps.

You should avoid downloading products, services, and software from unknown sources as there is a high risk of malware infection. Get all of your things from reliable developers and their official web pages. Continuously, make sure that all of your software, OS, and other services are always updated to avoid possible flaws. Last but not least, make sure to employ reliable antimalware software that will scan your Windows computer system once in a while and provide malware protection.

Tips on BBOO ransomware removal process

BBOO ransomware removal is the first step that you should complete if you want to free your Windows computer from the dangerous infection and have a chance of recovering at least some of your files. You should employ a reliable antimalware program that will complete the entire job for you, search your whole computer system for malicious products and make sure that the malware is gone together with all the additional content that it has brought.

When you remove BBOO ransomware from your device, it is time to search for possible damage. You can try using software such as SpyHunter 5Combo Cleaner or Malwarebytes for discovering the corrupted areas. When the results come, you can try repairing the performed damage with the help of Reimage Reimage Cleaner . Afterward, you can continue with data recovery techniques that are provided at the end of this article. Make sure to complete each step as required to achieve the best results possible.