BigBobRoss Ransomware Unlocked by Avast and Emsisoft

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

If you have had your files encrypted by the “BigBobRoss” ransomware, you can now finally get them back with Avast’s and Emsisoft's decrypters. While the particular ransomware didn’t get much coverage from the media due to the fact that there were bigger players dominating the field lately, it was still a pain since the start of the year, especially for Comcast Business customers who were the primary targets. Written in C++, the malicious software uses the AES-128ECB (Advanced Encryption Standard) to encrypt the victim’s files and add a “.obfuscated” extension.

bigbobross-001

source: avast.com

The corresponding ransom note includes the victim’s “unique ID” which is required for the decryption. The blackmailers ask for a bitcoin payment, as is usually the case in such incidents, and even point the victim to buy them from an online marketplace. Those who have been patient, like all ransomware victims should be, will be happy to learn that they won’t have to pay anything after all, as Avast and Emsisoft have released decrypters for the BigBobRoss. Users are expected to use a pair of the original and the encrypted file for an initial comparison, while Emsisoft’s implementation also offers the capacity to parse the ransom note and acquire the unique victim ID.

bigbobross_decrypter

What this means is that people should have some kind of an off-line backup of at least some of their files, just in case. If they don’t, they may still be able to use common Windows system files, emailed files, etc. This should cover everyone out there, saving many thousands of victims from having to pay ransoms to malicious actors. You should note however that decryptions do not always work as expected, and while decryption errors are infrequent, you may fail to obtain the desired results for very large files.

Have you been infected by the “BigBobRoss” ransomware? Share your experience in the comments section below, and help us spread the word by sharing this post through our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: