
BBOO Ransomware

Posted: February 11, 2020

The BBOO Ransomware is a file-locking Trojan that's part of the Ransomware-as-a-Service STOP Ransomware (or Djvu Ransomware). Infections can block files on your computer, destroy backups, and extort money through text messages. Appropriately storing your backups will avoid any data loss, and most anti-malware utilities should spot and clean the BBOO Ransomware from any Windows computer.

A Black Hat Business Going 'Boo!' to Your Files

The iterative nature of the Ransomware-as-a-Service sector is well documented, with new evidence of this process ongoing into 2020. The STOP Ransomware (or Djvu Ransomware, after one of its earliest variants) has been a family of note in this illicit industry since mid-2018 and remains highly relevant today. New versions like the BBOO Ransomware only re-emphasize how efficiently its features make money off the backs of users without proper backup standards.

The BBOO Ransomware's business model centers on abusing AES-256 encryption, which it uses to partially encrypt and lock media, including Word or PDF documents, JPG or GIF pictures, etc. Most variants of the family, such as the Alka Ransomware, the Npsg Ransomware, the Nosu Ransomware and the Kodc Ransomware, also include a Restore Point-deleting precaution, which malware experts anticipate being in the BBOO Ransomware's payload as well. Each locked file should bear 'BBOO', from the Trojan's name, as an additional extension.

The accompanying TXT note is the other half of the Trojan's monetization model, which sells a decryptor through a template that's common to its family members. However, the BBOO Ransomware infections also put victims at risk from other attacks worth taking notice of:

  • The BBOO Ransomware may display a pop-up imitating a Windows update progress bar (for distraction).
  • The BBOO Ransomware attacks may coincide with the presence of password-collecting spyware like AZORult.
  • The BBOO Ransomware may block websites from loading by altering the Hosts file's IP address and domain settings.
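The points above (a partially-encrypted file that keeps its original name plus an appended extension, a dropped TXT note, and Hosts-file tampering) translate directly into a first-pass triage check an administrator can run on a suspect share. The script below is an added example, not code from the page or from any analysis of the family. It assumes the appended extension is '.bboo' (the lower-case form of the 'BBOO' name the page gives), that the analyst passes in the ransom-note file name (the page does not name it, so a placeholder is used), and that a Hosts file should normally contain only the standard localhost entries; the sample directory tree and Hosts text it inspects are constructed inline.

```python
"""Triage helper for a suspected STOP/Djvu-style (BBOO) infection.

Added example; assumptions (not stated on the page): the appended extension
is '.bboo', the ransom-note file name is supplied by the analyst, and a clean
Hosts file carries only the standard localhost-style names.
"""
import tempfile
from pathlib import Path

RANSOM_EXT = ".bboo"  # assumed lower-case form of the 'BBOO' extension

# Leading signature bytes for formats the page lists as targets (well-known values).
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",
}

# Names that belong in a default Hosts file; anything else is worth an analyst's eye.
DEFAULT_HOSTS_NAMES = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback", "ip6-localnet", "ip6-mcastprefix",
    "ip6-allnodes", "ip6-allrouters", "ip6-allhosts",
}


def find_locked_files(root):
    """Return every file under root that carries the appended ransomware extension."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and p.suffix.lower() == RANSOM_EXT)


def header_overwritten(path):
    """True if the file's original format signature is gone, False if it survives,
    None if the original extension ('photo.jpg.bboo' -> '.jpg') is unknown to MAGIC.

    Because this family encrypts only a leading portion of each file, the magic
    bytes are the first thing lost; a file whose signature is intact may only
    have been renamed and deserves a closer look before it is written off.
    """
    path = Path(path)
    sig = MAGIC.get(Path(path.stem).suffix.lower())
    if sig is None:
        return None
    with open(path, "rb") as fh:
        return not fh.read(len(sig)).startswith(sig)


def find_ransom_notes(root, note_name):
    """Locate copies of the TXT note; its spread shows which folders were reached."""
    return sorted(p for p in Path(root).rglob(note_name) if p.is_file())


def nondefault_hosts_entries(hosts_text):
    """Return (ip, hostname) pairs that a default Hosts file would not contain.

    Entries redirecting real domains (often security vendors) to a loopback or
    black-hole address are the pattern behind 'websites no longer load'.
    """
    flagged = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        flagged.extend((ip, n) for n in names if n.lower() not in DEFAULT_HOSTS_NAMES)
    return flagged


def triage(root, note_name, hosts_text):
    """Summarise the three indicators for a given tree and Hosts-file contents."""
    root = Path(root)
    locked = find_locked_files(root)
    rel = lambda p: p.relative_to(root).as_posix()
    return {
        "locked_files": [rel(p) for p in locked],
        "headers_overwritten": [rel(p) for p in locked if header_overwritten(p)],
        "ransom_notes": [rel(p) for p in find_ransom_notes(root, note_name)],
        "hosts_entries": nondefault_hosts_entries(hosts_text),
    }


# --- constructed sample data (not real artefacts) ---------------------------
SAMPLE_HOSTS = """# constructed sample, not a real Hosts file
127.0.0.1 localhost
::1 localhost
0.0.0.0 example-vendor.invalid   # the kind of entry the page describes
"""


def build_sample_tree(note_name="NOTE_PLACEHOLDER.txt"):
    """Create a throwaway tree: one truly encrypted file, one merely renamed, one untouched."""
    root = Path(tempfile.mkdtemp(prefix="bboo_triage_"))
    (root / "docs").mkdir()
    (root / "docs" / "report.pdf.bboo").write_bytes(b"\x13\x37" + b"\xaa" * 40)  # '%PDF' gone
    (root / "photo.jpg.bboo").write_bytes(b"\xff\xd8\xff\xe0" + b"\xbb" * 40)  # signature intact
    (root / "notes.txt").write_bytes(b"untouched")
    (root / "docs" / note_name).write_text("constructed ransom-note stand-in\n")
    return root


if __name__ == "__main__":
    for key, value in triage(build_sample_tree(), "NOTE_PLACEHOLDER.txt", SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```

Run it against a mounted copy of the affected share (never the live system's only copy) and hand the "headers_overwritten" list to whoever judges what must be restored from backup; the "hosts_entries" list is the one to compare with a known-good Hosts file before deciding whether the browser-blocking symptom is present.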

Don't Get Scared of Business Gone Bad

The BBOO Ransomware is at its most frightful as a danger to businesses and even individuals who aren't backing their work up elsewhere. Cloud storage, removable USBs, and similar options prevent file-locking Trojans from gaining access to all media and blocking or destroying it. Since the BBOO Ransomware belongs to the newer iteration of the STOP Ransomware's family, little to no help concerning free decryption unlockers is possible for any victims.

Criminals exploiting the STOP Ransomware's Ransomware-as-a-Service capabilities can use any propagation or installation methods they prefer. Past campaigns often use torrents with mislabeled files posing as gaming cracks or movies. Other attempts, especially against vulnerable businesses, might occur through e-mail attachments or by brute-forcing logins directly. Proper attention to software patching and password management is crucial for all network administrators.

Although the BBOO Ransomware is part of a thoroughly-analyzed family, malware experts can only recommend uninstalling the BBOO Ransomware through dedicated anti-malware tools. With over fifty products currently detecting it, its evasion capabilities can safely be described as almost nil.

Different versions of the BBOO Ransomware hide as pseudo-randomly-named temporary files while executing their file-locking attacks. With so unnoticeable an appearance, users should lean on automated tools and previously-saved backups to keep this new variant from being particularly frightful.
