BigBobRoss Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 4
First Seen: January 23, 2019
Last Seen: July 23, 2019
OS(es) Affected: Windows
The BigBobRoss Ransomware is an encryption ransomware Trojan, a malware threat designed to compromise the victims' files and use them as leverage to demand a ransom payment from the victim. Encryption ransomware Trojans are becoming increasingly common and carry out a well-known attack pattern, using strong encryption algorithms to lock the victims' files and then demanding a ransom payment via Bitcoin or other digital currency. The BigBobRoss Ransomware was first observed in early March carrying out attacks on computer users. While it is generally not possible to recover from attacks like these, a decryption utility is currently available to help computer users restore the files compromised by a BigBobRoss Ransomware attack.
How the BigBobRoss Ransomware Infects a Computer
Threats like the BigBobRoss Ransomware encrypt the victim's files and delete the System Restore Points, the Shadow Volume Copies, and other data that could help computer users restore their data after an attack. The main way in which the BigBobRoss Ransomware and similar threats spread is through corrupted spam email attachments, often using social engineering to trick computer users into downloading files with unsafe scripts that install threats like the BigBobRoss Ransomware. Once the BigBobRoss Ransomware is installed, it works in the background, scanning the victim's computer for user-generated files and encrypting them with a strong encryption algorithm. Threats like the BigBobRoss Ransomware target a wide variety of file types, which may include files with the following file extensions:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The BigBobRoss Ransomware makes it easy to recognize the compromised files because it adds the file extension '.obsfucated' to the end of each file's name. The BigBobRoss Ransomware drops its ransom note in the form of a text file named 'Read Me.txt' that demands that the victim contact the criminals via email to obtain the decryption key. Contacting the criminals responsible for the BigBobRoss Ransomware or making any payment allows these criminals to continue to profit from the BigBobRoss Ransomware and develop new malware threats.
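The two indicators described above, the appended extension and the ransom note name, are enough to scope an incident before any recovery attempt. The following read-only Python sketch is an added example, not EnigmaSoft's code or part of any BigBobRoss tooling; the function names, the sample tree and the check for surviving originals are assumptions of the example, and the extension and note name are used exactly as this page gives them.

```python
import os
import tempfile
from collections import Counter

# Indicators exactly as stated on this page.
MARKER_EXT = ".obsfucated"
NOTE_NAME = "read me.txt"  # compared case-insensitively

def triage(root):
    """Read-only walk of root; returns the scope of marked files."""
    affected = {}        # directory -> original file names (marker stripped)
    note_only = []       # note present but no marked files: weak signal alone
    survivors = []       # marked files whose unmarked original still exists
    by_type = Counter()  # original extension -> number of marked files
    for dirpath, _dirs, files in os.walk(root):
        lowered = {f.lower() for f in files}
        marked = [f for f in files if f.lower().endswith(MARKER_EXT)]
        if NOTE_NAME in lowered and not marked:
            note_only.append(dirpath)
        for name in marked:
            original = name[: -len(MARKER_EXT)]
            ext = os.path.splitext(original)[1].lower() or "(none)"
            by_type[ext] += 1
            affected.setdefault(dirpath, []).append(original)
            if original.lower() in lowered:
                survivors.append(os.path.join(dirpath, original))
    return {"affected": affected, "note_only": sorted(note_only),
            "survivors": sorted(survivors), "by_type": dict(by_type),
            "total": sum(by_type.values())}

def build_sample_tree(root):
    """Constructed sample data: empty files that carry only the names."""
    layout = {
        "Documents": ["report.docx.obsfucated", "Budget.XLSX.OBSFUCATED",
                      "Read Me.txt"],
        "Pictures": ["cat.jpg.obsfucated", "cat.jpg", "dog.png"],
        "Tools": ["Read Me.txt", "setup.exe"],  # ordinary read-me, nothing marked
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = triage(build_sample_tree(tmp))
        print(report["total"], report["by_type"])
        print("note only:", report["note_only"])
        print("originals still present:", report["survivors"])
```

A directory that holds only a 'Read Me.txt' is reported separately because that file name is common in legitimate software; it counts as an indicator only alongside marked files.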
Dealing with the BigBobRoss Ransomware Infection
In most cases, computer users cannot restore the files encrypted by these attacks. However, a free utility named 'BigBobRoss Decryptor' is available and can be used by computer users to restore the files compromised by the BigBobRoss Ransomware. Because a recovery program rarely exists for threats like these, it is highly recommended that computer users keep file backups of their data and store these backups on the cloud or an external device.