BigBobRoss Ransomware Unlocked by Avast and Emsisoft

  • The two cybersecurity firms have “solved the riddle” and people can free their systems from BigBobRoss.
  • This ransomware was not the biggest headache out there, but it has still accounted for many thousands of infections since the start of the year.
  • Victims will only need a pair of files (original and encrypted) and their unique ID to decrypt their data.

If your files have been encrypted by the “BigBobRoss” ransomware, you can now get them back with Avast’s and Emsisoft’s decrypters. The ransomware didn’t get much media coverage because bigger players have dominated the field lately, but it has been a pain since the start of the year, especially for Comcast Business customers, who were the primary targets. Written in C++, the malware uses AES-128 (Advanced Encryption Standard) in ECB mode to encrypt the victim’s files and adds a “.obfuscated” extension to them.


The corresponding ransom note includes the victim’s “unique ID”, which is required for the decryption. The blackmailers ask for a bitcoin payment, as is usually the case in such incidents, and even point the victim to an online marketplace where the coins can be bought. Those who have been patient, as all ransomware victims should be, will be happy to learn that they won’t have to pay anything after all, as Avast and Emsisoft have released decrypters for BigBobRoss. Users are expected to supply a pair consisting of an original file and its encrypted copy for an initial comparison, while Emsisoft’s implementation can also parse the ransom note to obtain the unique victim ID.


What this means is that people should have some kind of offline backup of at least some of their files, just in case. If they don’t, they may still be able to use common Windows system files, emailed files, etc. as the original half of the pair. This should cover everyone out there, saving many thousands of victims from having to pay ransoms to malicious actors. Note, however, that decryption does not always work as expected: while decryption errors are infrequent, you may fail to obtain the desired results for very large files.
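To locate a usable original/encrypted pair before running either decrypter, the following Python script (an added example, not code from Avast, Emsisoft or the original article) matches “.obfuscated” files against a folder of clean copies such as a backup or exported email attachments. It assumes the encrypted file keeps its original name with the extension appended; the function name and the size heuristic are illustrative assumptions.

```python
import os
from pathlib import Path

EXT = ".obfuscated"  # extension named in the article


def find_pairs(encrypted_root, clean_root):
    """Return candidate (original, encrypted) path pairs, closest size match first.

    Assumption (not stated in the article): the encrypted file is named
    <original name> + EXT, and a clean copy with that original name exists
    somewhere under clean_root.
    """
    # Index clean copies by lower-cased name (Windows names are case-insensitive).
    clean = {}
    for dirpath, _, names in os.walk(clean_root):
        for name in names:
            clean.setdefault(name.lower(), []).append(Path(dirpath) / name)

    scored = []
    for dirpath, _, names in os.walk(encrypted_root):
        for name in names:
            if not name.lower().endswith(EXT):
                continue
            enc = Path(dirpath) / name
            enc_size = enc.stat().st_size
            for orig in clean.get(name[:-len(EXT)].lower(), []):
                orig_size = orig.stat().st_size
                # Heuristic: AES-ECB output is never shorter than its input,
                # so a clean copy larger than the encrypted file (or an empty
                # one) is treated as a different version and skipped.
                if 0 < orig_size <= enc_size:
                    scored.append((enc_size - orig_size, str(orig), str(enc)))

    scored.sort()  # smallest size difference first
    return [(orig, enc) for _, orig, enc in scored]


if __name__ == "__main__":
    import sys
    for original, encrypted in find_pairs(sys.argv[1], sys.argv[2]):
        print(f"{original}  <->  {encrypted}")
```

Run it with the affected folder and the folder of clean copies as arguments, and work on copies of the encrypted files rather than the only surviving originals.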
