- The two cybersecurity firms have “solved the riddle” and people can free their systems from BigBobRoss.
- The particular ransomware was not the biggest headache, but still, it accounted for many thousands of infections since the start of the year.
- Victims will only need a pair of files (original and encrypted) and their unique ID to decrypt their data.
If your files have been encrypted by the “BigBobRoss” ransomware, you can now get them back with Avast’s and Emsisoft’s decrypters. The ransomware didn’t get much media coverage because bigger players have dominated the field lately, but it has been a pain since the start of the year, especially for Comcast Business customers, who were the primary targets. Written in C++, the malicious software uses AES-128 (Advanced Encryption Standard) in ECB mode to encrypt the victim’s files and adds a “.obfuscated” extension.
The corresponding ransom note includes the victim’s “unique ID”, which is required for decryption. The blackmailers ask for a bitcoin payment, as is usually the case in such incidents, and even point the victim to an online marketplace where the coins can be bought. Those who have been patient, as all ransomware victims should be, will be happy to learn that they won’t have to pay anything after all, as Avast and Emsisoft have released decrypters for BigBobRoss. Users are expected to supply a pair consisting of an original file and its encrypted version for an initial comparison, while Emsisoft’s implementation can also parse the ransom note to acquire the unique victim ID.
What this means is that people should have some kind of offline backup of at least some of their files, just in case. If they don’t, they may still be able to use common Windows system files, emailed files, etc. This should cover everyone out there, saving many thousands of victims from having to pay ransoms to malicious actors. Note, however, that decryption does not always work as expected, and while decryption errors are infrequent, you may fail to obtain the desired results for very large files.
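A helper for locating usable original/encrypted pairs in a backup, added here as an example and not taken from Avast's or Emsisoft's tools. It assumes the encrypted file keeps the original name with ".obfuscated" appended; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

SUFFIX = ".obfuscated"  # extension the article says BigBobRoss adds


def find_pairs(infected_root, backup_root):
    """Return (encrypted_path, original_path, size_delta) tuples, best match first.

    Assumption: encrypted name == original name + SUFFIX.
    """
    # Index backup files by lower-cased name (Windows names are case-insensitive).
    index = {}
    for dirpath, _dirs, files in os.walk(backup_root):
        for name in files:
            index.setdefault(name.lower(), []).append(os.path.join(dirpath, name))

    pairs = []
    for dirpath, _dirs, files in os.walk(infected_root):
        for name in files:
            if not name.lower().endswith(SUFFIX):
                continue  # not an encrypted file
            enc = os.path.join(dirpath, name)
            for cand in index.get(name[: -len(SUFFIX)].lower(), []):
                if os.path.getsize(cand) == 0:
                    continue  # an empty original gives nothing to compare
                pairs.append((enc, cand, os.path.getsize(enc) - os.path.getsize(cand)))
    # The closest size is the most likely to be the same version of the file.
    pairs.sort(key=lambda p: abs(p[2]))
    return pairs


def demo():
    """Run find_pairs over a constructed directory tree (sample data only)."""
    layout = {
        "infected/report.docx.obfuscated": 48,
        "infected/notes.txt.obfuscated": 16,  # no backup copy exists
        "infected/readme.txt": 5,             # untouched file
        "backup/docs/Report.docx": 40,
        "backup/old/report.docx": 10,         # older, shorter version
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, size in layout.items():
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"\0" * size)
        found = find_pairs(os.path.join(tmp, "infected"), os.path.join(tmp, "backup"))
        return [(os.path.basename(e), os.path.basename(o), d) for e, o, d in found]


if __name__ == "__main__":
    print(demo())
```

Run it against a copy of the affected data rather than the live disk, and hand the top-ranked pair to the decrypter.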
— Emsisoft (@emsisoft) March 9, 2019