The STOP Ransomware family is picking up steam in 2020, with several new variants popping up. Among the newest copies of the STOP Ransomware is the BBOO Ransomware. In 2019 alone, over 200 copies of the STOP Ransomware were released into the wild, claiming countless victims.
Propagation and Encryption
Ransomware threats are often propagated via spam emails. The victim receives an email that claims to be sent by a government institution or a reputable corporation. Needless to say, this is not the case, and the goal of the email is to trick users into launching the file attached to the message. Once the file is opened, it compromises the user’s system. Other commonly used infection vectors are fake application updates, torrent trackers, pirated content, malvertising operations, etc.
As soon as the BBOO Ransomware infects a system, it performs a scan whose goal is to locate the user’s data. Next, the encryption process is triggered, and the targeted data is locked with the help of an encryption algorithm. Once a file gets locked by the BBOO Ransomware, its name is changed because this data-locking Trojan appends a new extension, ‘.bboo’, to the filename. For example, a file originally named ‘furry-paw.jpg’ will be renamed to ‘furry-paw.jpg.bboo’ after the encryption process has been completed.
The Ransom Note
Just like most ransomware threats, the BBOO Ransomware proceeds with the attack by dropping a ransom message for the user to read. The attackers’ message is contained in a file called ‘_readme.txt’. In the note, the attackers outline several main points. Victims who contact them within 72 hours of the attack would have to pay $490 as a ransom fee. However, the ones who fail to meet the deadline would have to pay double the price, $980. The attackers also offer to unlock one file free of charge as proof that they can reverse the damage done to the files. There are two email addresses provided as contact details: ‘email@example.com’ and ‘firstname.lastname@example.org’.
It is best to avoid interaction with cybercriminals. It is highly likely that they will not provide you with a decryption key even if you pay the ransom fee demanded. Instead, invest in a reputable anti-malware solution that will remove the BBOO Ransomware from your system securely.
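The two artifacts named above, the appended ‘.bboo’ extension and the ‘_readme.txt’ note, are enough to scope which folders were hit before restoring from backups. The script below is an added example, not part of the original article; the function names are hypothetical and the sample tree is constructed from empty files that only imitate the naming pattern.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".bboo"      # extension appended by this variant (from the article)
RANSOM_NOTE = "_readme.txt"  # ransom note file name (from the article)


def scan_tree(root):
    """Walk root and record, per directory, renamed files and ransom notes."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                report[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # Strip the appended extension to recover the original name.
                original = name[: -len(ENCRYPTED_EXT)]
                report[dirpath]["encrypted"].append((name, original))
    return dict(report)


def summarize(report):
    """Return (renamed file count, directories with a note, original extensions)."""
    total = sum(len(d["encrypted"]) for d in report.values())
    note_dirs = sorted(p for p, d in report.items() if d["note"])
    exts = sorted({os.path.splitext(orig)[1].lower()
                   for d in report.values() for _n, orig in d["encrypted"]})
    return total, note_dirs, exts


def build_sample_tree(root):
    """Constructed sample data: empty files that imitate the naming pattern."""
    layout = {
        "docs": ["furry-paw.jpg.bboo", "budget.xlsx.bboo", "_readme.txt"],
        "clean": ["notes.txt", "bboo-fanclub.png"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        total, note_dirs, exts = summarize(scan_tree(tmp))
        print(f"{total} renamed files; notes in {note_dirs}; original types {exts}")
```

A ‘_readme.txt’ on its own is not proof of infection, since legitimate software ships files with that name; treat a directory as affected when the note appears alongside renamed files.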