
Bubble Ransomware

By GoldSparrow in Ransomware

The Bubble Ransomware is a ransomware Trojan that was reported in June 2017, around the last week of that month. The Bubble Ransomware is being delivered to victims using bogus invoices, which appear as PDF files with a double extension: a '.pdf' string is placed before the real EXE extension to hide it. For example, a file associated with the Bubble Ransomware may be delivered as 'preventivo.pdf.exe,' making it seem as if it's a PDF file, since the extension of a file is often not shown by default. It is likely that the Bubble Ransomware is being delivered to victims through phishing email attacks that target small and medium businesses and take advantage of the typical email traffic handled by these offices. Fortunately, PC security researchers have managed to release a decryption utility to help computer users recover from the Bubble Ransomware attacks.

The Bubble that Turns Your Files Unusable

The Bubble Ransomware has been seen under other names, including 'CryptoBubble Ransomware' and 'Preventivo Ransomware.' In its attack, the Bubble Ransomware will encrypt the victim's files and then add the file extension '.buble' to the end of each file's name, as a way of identifying the files that have been encrypted by the attack. The Bubble Ransomware is designed to infect computers running various versions of the Windows operating system. The Bubble Ransomware will target user-generated files, avoiding the files that are necessary for the affected computer to function normally. The following are the file extensions that are targeted in the Bubble Ransomware attack:

.3gp, .ac3, .accdb, .accdt, .avi, .bmp, .cdr, .csv, .DivX, .doc, .docm, .docx, .dwg, .jpeg, .jpg, .mid, .mov, .mp3, .mp4, .mpeg, .mpg, .odb, .odf, .odg, .odp, .ods, .odt, .ogg, .ogv, .otg, .otp, .ott, .pdf, .png, .rar, .tiff, .txt, .wav, .xls, .xlsm, .xlsx, .zip.
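
The two file-name indicators described above, the double extension used for delivery and the '.buble' suffix left on encrypted files, can be checked with a short script. This is an added example, not code from the original article or from the researchers it mentions; the extension sets, function names and sample names (other than 'preventivo.pdf.exe') are assumptions, and the check goes slightly beyond the page's single sample by ignoring case and trailing dots or spaces.

```python
import re

# Extensions Windows runs directly (constructed, non-exhaustive list; an assumption).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
# Document-style decoys placed before the real extension; the page's sample uses "pdf".
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}
# Marker the page says is appended to encrypted files.
ENCRYPTED_EXT = "buble"


def _extensions(name):
    """Return the lower-cased extension parts of a file name, left to right."""
    # Keep only the last path component, then drop trailing dots and spaces,
    # which Windows ignores when it resolves a file name.
    base = re.split(r"[\\/]", name)[-1].rstrip(". ")
    parts = [p.strip().lower() for p in base.split(".")]
    return parts[1:] if len(parts) > 1 else []


def classify(name):
    """Return 'masquerade', 'encrypted' or 'clean' for one file name."""
    exts = _extensions(name)
    if exts and exts[-1] == ENCRYPTED_EXT:
        return "encrypted"
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DECOY_EXTS:
        return "masquerade"
    return "clean"


def triage(names):
    """Group suspicious names by classification, skipping clean ones."""
    report = {"masquerade": [], "encrypted": []}
    for n in names:
        label = classify(n)
        if label != "clean":
            report[label].append(n)
    return report


# Constructed sample names; only 'preventivo.pdf.exe' comes from the page.
SAMPLE = [
    "preventivo.pdf.exe",
    "Invoice.PDF.EXE ",
    "report.final.pdf",
    "setup.exe",
    r"C:\Users\a\Documents\budget.xlsx.buble",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for label, hits in triage(SAMPLE).items():
        print(label, hits)
```

A plain 'setup.exe' is deliberately left unflagged: the check targets an executable hiding behind a document extension, not executables in general.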

The Bubble Ransomware Ransom Note and Payment

The Bubble Ransomware displays its ransom note as a dialog box on the infected computer. The ransom note's window is named 'preventivo.pdf' and displays the following message on the infected computer:

'Hello, I am Bob, do you remember the game? Unfortunately, the world has
changed and I have changed too: once spit bubbles, today i encode your file! 🙂
Well, if you want to recover your files, please contact us at
'br5wf@notsharingmy.info' and we will find a solution and will promptly send
you the unlock key to retrieve all your files... Good Lucky'

The Bubble Ransomware does not present any interface to the victim for payment, and victims of the attack may need to contact the people responsible for the Bubble Ransomware attack. The Bubble Ransomware will also display the following message on the infected computer:

'bubble bobble... bubble bobble... bubble bobble... bubble bobble... bubble bobble... bubble bobble...
bubble bobble... bubble bobble... bubble bobble... bubble bobble... bubble bobble... bubble bobble... bubble bobble...
bubble bobble... bubble bobble... bubble bobble... bubble bobble... bubble bobble... bubble bobble... bubble bobble.'

There is no need to pay the Bubble Ransomware ransom since there is an available decryption utility for the Bubble Ransomware. This is because there are certain weaknesses in the Bubble Ransomware's code that have allowed PC security researchers to study the Bubble Ransomware in detail and release a way for computer users to recover from the Bubble Ransomware attack. It is possible that the con artists will update the Bubble Ransomware and release a new version to attack computer users, which may not be susceptible to the decryption software.

Protecting Your Data from the Bubble Ransomware Attacks

The best protection against the Bubble Ransomware and other ransomware Trojans is to have file backups of all your data. The file backups should be on an external memory device or the cloud, and having them will make you completely invulnerable to the effects of these attacks. A reliable security program should also be used.
