
BigBobRoss Ransomware

Posted: March 11, 2019

The BigBobRoss Ransomware is a file-locking Trojan that blocks your digital media with encryption before delivering its ransom demands through a note. Since its current encryption feature isn't secure, victims who lack an appropriate backup can recover with a free decryptor. Always remove the BigBobRoss Ransomware first with a reputable anti-malware product so that it can't lock any additional files.

A Trojan is Painting over Your Files

An early sighting of an independent file-locker Trojan has prompted further research from the cyber-security industry and even the development of a solution for current builds. For now, malware analysts are finding versions of the BigBobRoss Ransomware only in Windows executable format, but it is built with the Qt framework, which can support porting to Mac or Linux systems. The rest of the BigBobRoss Ransomware's campaign, like those of much broader threats such as Hidden Tear, uses a no-surprises strategy of encrypting your media for ransoming leverage.

The BigBobRoss Ransomware is a C++ program that uses AES-128 in ECB (Electronic Codebook) mode to block your files, such as documents, image galleries or music. It inserts 'obfuscated!' extensions into their names, which is an archetypal feature of file-locker Trojans, and generates a Read Me file when its attack concludes. Malware experts can confirm that the latter is a ransom-instructions template similar to those in older Trojans' campaigns, with its promotional links to streaming-movie pages being its most stand-out characteristic. Both pages are down as of March 11.

Most file-locking Trojans use additional means of enciphering to 'secure' the captive media, such as a second layer of RSA encryption. The BigBobRoss Ransomware lacks any such protection, however, and its current release should be decryptable by a utility that an AV company is making available to the general public. The usual warnings regarding freeware-based recovery from these attacks (such as the possibility of the decryption failing or producing an imperfect copy of the original media) remain.
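Because ECB encrypts every 16-byte block independently, identical plaintext blocks produce identical ciphertext blocks, which gives a responder a cheap way to confirm that a captured sample really is ECB output before trying the decryptor. The triage helper below is an added example, not code from the page or from any decryption utility; it assumes the 'obfuscated!' marker is appended as a trailing file extension, and its ciphertexts are constructed stand-ins rather than real samples.

```python
"""Triage helper for the scenario described above: files renamed with an
'obfuscated!' extension and encrypted with AES-128 in ECB mode.
Counting repeated 16-byte blocks distinguishes ECB output (repeats appear
wherever the plaintext repeats, e.g. padding in images or documents) from a
chained or stream cipher (no repeats), without needing the key at all."""
from collections import Counter

BLOCK = 16
MARKER = "obfuscated!"  # extension the page reports; trailing placement is an assumption


def is_victim_file(name: str) -> bool:
    """True if the file name carries the extension the Trojan appends."""
    return name.lower().endswith("." + MARKER)


def ecb_repeat_ratio(data: bytes) -> float:
    """Fraction of full 16-byte blocks that occur more than once.
    ~0.0 for CBC/CTR output; clearly above 0 for ECB over structured data."""
    usable = len(data) - len(data) % BLOCK
    blocks = [data[i:i + BLOCK] for i in range(0, usable, BLOCK)]
    if not blocks:
        return 0.0
    counts = Counter(blocks)
    repeated = sum(c for c in counts.values() if c > 1)
    return repeated / len(blocks)


def triage(files: dict) -> dict:
    """Map victim file name -> {'ecb_repeat_ratio', 'likely_ecb'}.
    Files without the marker are ignored. A ratio of 0 does NOT rule ECB out
    (the plaintext may simply contain no repeated blocks); it only means the
    heuristic found no evidence."""
    report = {}
    for name, data in files.items():
        if not is_victim_file(name):
            continue
        ratio = ecb_repeat_ratio(data)
        report[name] = {"ecb_repeat_ratio": ratio, "likely_ecb": ratio > 0.0}
    return report


# CONSTRUCTED samples: one imitates ECB output (three identical blocks out of
# four), one imitates a chained cipher (four distinct blocks), one is untouched.
SAMPLE_FILES = {
    "photo.bmp.obfuscated!": bytes(range(16)) * 3 + bytes(range(16, 32)),
    "notes.docx.obfuscated!": bytes(range(64)),
    "README.txt": b"ransom note placeholder",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_FILES).items():
        print(name, verdict)
```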

Keeping the Colors of Your Files Just the Way You Like

The BigBobRoss Ransomware's painter-themed campaign makes it more memorable than the average low-level file-locker Trojan, but its attacks are a far cry from those of the Jigsaw Ransomware and its other competitors. Whether or not recovery through decryption is practical, users should store backups of their files on devices that are protected from file-locker Trojans, such as a separate USB drive or a cloud storage service. Decryption isn't always a realistic option, and most file-locker Trojans, unlike the BigBobRoss Ransomware, have no freeware unlocker.

The BigBobRoss Ransomware's samples lack any characteristics that link them to an infection method, which leaves several possibilities open, both opportunistic and targeted. E-mail messages with compromised documents attached, drive-by-download scripts on a compromised website, or manual installation of the program after its author brute-forces a server's login are the most likely exposure vectors. Except where criminals install it manually, most circumstances give anti-malware tools the opportunity to block the installation or remove the BigBobRoss Ransomware immediately.

The use of a beloved industry name for criminal promotion isn't new or unique to the BigBobRoss Ransomware. Thankfully, its cryptography isn't as sophisticated as the paintings of its namesake, which allows for a solution that victims can count on – for now.
