How to remove Bom Ransomware and decrypt .bom files

What is Bom Ransomware

Bom is the name of a ransomware infection. Malware within this category encrypts system-stored data and demands victims to pay money for its return. This ransomware variant is also a by-product of the VoidCrypt family. During encryption, the virus renames all targeted files according to this example – 1.png.[tormented.soul@tuta.io][MJ-KB3756421908].bom. Your renamed files may slightly vary (e.g., different string of characters), but the basis will remain the same. After successfully restricting access to data, the ransomware creates a text note called Scratch – to provide decryption guidelines.

The note is located in the C:\Users path and explains what should be done to return the blocked data. It is said victims have to find a file named prvkey*.txt.key (the note specifies where) with any number like prvkey3.txt.key and send it to cybercriminals by email. Victims can also attach one encrypted sample (no more than 1Mb and without valuable information) and get it decrypted for free. This way, cybercriminals show that they are actually able to decrypt the restricted data. Unfortunately, it is often the case that decryption without the help of cybercriminals is almost impossible, and Bom Ransomware is not an exception. Encryption algorithms are often strong and therefore hard to crack with third-party software. The best recovery method you can benefit from without paying the ransom is to restore your files using backup copies of them. If such are available on external storage or cloud, you can easily use them for the restoration of data. In our guide you will also find some reputable and frequently used software for manual decryption/recovery, however, they are less likely to help with this ransomware specifically. Note that prior to trying to recover/decrypt your data, it is important to delete the virus infection first. You can do it in our guide below. In case of trying to decrypt data yourself, it is also worth making copies of encrypted data so that it does not get damaged during the process.

How Bom Ransomware infected your computer

There is no sole way how ransomware attacks its victims. The infiltration can happen through fake software updates or installers that conceal trojans, through unprotected RDP configuration, backdoors, keyloggers, unreliable software cracking tools, and e-mail spam letters as well. E-mail spam letters might be the most popular distribution vector on the above-mentioned list. The scheme is meant to function like this: cybercriminals design messages into a nice-looking cover to make users believe they were sent from legitimate parties, such as delivery firms (DHL, DPD, FedEx), banks, tax authorities, lottery campaigns, and so forth. Such messages may contain a lot of call-to-action text (sometimes highlighted in color) the purpose of which is to bait inexperienced users into opening malicious files or clicking on links. When it comes to malicious attachments, it is usually Word, Excel, PDF, JavaScript, EXE, ZIP, or RAR types of files that are bundled inside such messages. Malware developers use them to execute the installation of malware more easily – with few steps required from users. This way, it is important to avoid opening suspicious files or links, especially if you received them for no founded reason. Read our guide below to explore what can be done in order to protect your system from such threats in the future. There is plenty of useful material that you can capitalize on.

1. Download Bom Ransomware Removal Tool
2. Get decryption tool for .bom files
3. Recover encrypted files with Stellar Data Recovery Professional
4. Restore encrypted files with Windows Previous Versions
5. Restore files with Shadow Explorer
6. How to protect from threats like Bom Ransomware

Bom Ransomware files:


Scratch
{randomname}.exe


Bom Ransomware registry keys:

no information

How to decrypt and restore .bom files

Use automated decryptors

Download Kaspersky RakhniDecryptor

Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt .bom files. Download it here:

Download RakhniDecryptor

There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.

Dr.Web Rescue Pack

Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .bom files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.

If you are infected with Bom Ransomware and removed from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:

Use Stellar Data Recovery Professional to restore .bom files

1. Download Stellar Data Recovery Professional.
2. Click Recover Data button.
3. Select type of files you want to restore and click Next button.
4. Choose location where you would like to restore files from and click Scan button.
5. Preview found files, choose ones you will restore and click Recover.

Download Stellar Data Recovery Professional

Using Windows Previous Versions option:

1. Right-click on infected file and choose Properties.
2. Select Previous Versions tab.
3. Choose particular version of the file and click Copy.
4. To restore the selected file and replace the existing one, click on the Restore button.
5. In case there is no items in the list choose alternative method.

Using Shadow Explorer:

1. Download Shadow Explorer program.
2. Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
3. Select the drive and date that you want to restore from.
4. Right-click on a folder name and select Export.
5. In case there are no other dates in the list, choose alternative method.

If you are using Dropbox:

1. Login to the DropBox website and go to the folder that contains encrypted files.
2. Right-click on the encrypted file and select Previous Versions.
3. Select the version of the file you wish to restore and click on the Restore button.

How to protect computer from viruses, like Bom Ransomware , in future

1. Get special anti-ransomware software

Use ZoneAlarm Anti-Ransomware

Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.

Download ZoneAlarm Anti-Ransomware

2. Back up your files

As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage can be instantly infected by the virus once plugged in or connected to. Bom Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.

3. Do not open spam e-mails and protect your mailbox

Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.

Download MailWasher Pro