Decrypter released for BigBobRoss ransomware targeting Comcast customers

News by SC Staff

A flaw has been identified in the BigBobRoss ransomware's code that can be used to decrypt the AES-128 ECB encrypted files without paying the ransom, and a decrypter is now available.

Emsisoft's research team reports that it has uncovered a new ransomware campaign - BigBobRoss - which seems to target Comcast Business customers.

BigBobRoss is a ransomware written in C++ using QT. It uses AES-128 ECB to encrypt files, and adds the extension ".obfuscated". Some variants also prepend the victim ID to the filename. The ransom note "Read Me.txt" asks the victim to contact "BigBobRoss@computer4u.com".

The Emsisoft team reports that it was fortunately able to identify a flaw within the ransomware's code that can be used to decrypt the AES-128 ECB encrypted files without paying the ransom. The decrypter has just been released and is available here:

https://decrypter.emsisoft.com/bigbobross
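To find which folders on a share or disk image need the decrypter, the indicators described above (the ".obfuscated" extension and a "Read Me.txt" note naming the contact address) can be checked together. This is an added example, not code from Emsisoft or the article; the function names, confidence labels and sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Indicators as given in the article text.
ENCRYPTED_EXT = ".obfuscated"
NOTE_NAME = "read me.txt"
CONTACT = "bigbobross@computer4u.com"

def triage(root):
    """Return one finding per directory under root that shows an indicator."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        note = False
        for name in files:
            if name.lower() == NOTE_NAME:
                # Only count the note if it names the contact address, so an
                # ordinary "Read Me.txt" does not raise a finding by itself.
                with open(os.path.join(dirpath, name), errors="replace") as fh:
                    note = CONTACT in fh.read(65536).lower()
        if encrypted or note:
            findings.append({
                "dir": os.path.relpath(dirpath, root),
                "encrypted": encrypted,
                "note": note,
                "confidence": "high" if encrypted and note else "medium",
            })
    return sorted(findings, key=lambda f: f["dir"])

def build_sample(root):
    """Constructed sample tree (made-up names and contents) for the demo."""
    layout = {
        "docs/report.docx.obfuscated": "x" * 32,
        "docs/Read Me.txt": "Contact BigBobRoss@computer4u.com",
        "photos/a.jpg.obfuscated": "x" * 16,
        "clean/notes.txt": "meeting notes",
        "clean/Read Me.txt": "Installation instructions",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for f in triage(tmp):
            print(f["confidence"], f["dir"], f["encrypted"], "note" if f["note"] else "")
```

Directories flagged "medium" have only one of the two indicators and are worth a manual look before running the decrypter against them.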
