BOMBO Ransomware
The BOMBO Ransomware is a file-locking Trojan without a known family or Ransomware-as-a-Service affiliation. Its payload is typical for a threat of its kind and will block media files on your computer by encrypting them in a way that may not be reversible. In most cases, anti-malware products will remove the BOMBO Ransomware, and attention to backup security can prevent permanent data loss.
Falling into the Rhythm of a Money-Hungry Drumbeat
RaaS businesses make up the bulk of file-locking Trojans, but there always is room for independent 'workers.' Attribution isn't easy, as some cases, like the BOMBO Ransomware, will include plagiarism in their payloads. However, what's certain is that this Trojan is selling a decryption service by blocking files – with the traditional non-consensual encryption being its technical enabler.
The BOMBO Ransomware name has various etymological origin possibilities, including the Spanish word for 'drum.' The title comes from the Trojan using the word as the extension that it adds onto whatever file it locks, such as a document or picture, with the extra addition of its e-mail address. These features are, however, superficial ones next to the data encryption that performs the actual 'locking' portion of the attack and stops the file from opening.
Although malware analysts have yet to examine all the BOMBO Ransomware features in their totality, they do see samples dropping ransom notes. In the BOMBO Ransomware's case, the Trojan is delivering its demands with interactive HTA files and includes links for a TOR browser-based service. The message also is a partial copy of one from the Dharma Ransomware family, which complicates the process of attributing this Trojan to an author or tracing its geographical birthplace.
Marching to the Beat of Safer Files
The BOMBO Ransomware doesn't give an immediate price for unlocking the user's files, but most file-locking Trojans begin with demands at several hundred dollars and scale upwards from that point. Malware researchers recommend against depending on the Shadow Volume Copies singularly, which most Trojans of this class will wipe. Password-secured backup content, and similar copies on removable devices, give users a non-ransoming recovery route.
File-locking Trojans often infiltrate businesses ranging from small-scale ones to enterprise-level entities by exploiting outdated server software, brute-forcing logins or using phishing e-mails. Malware experts suggest that everyone take general-purpose safety measures, such as disabling JavaScript and Flash, turning off RDP and scanning downloads such as torrents. Security patches also are crucial for all users.
The BOMBO Ransomware is a Windows threat, and committed anti-malware programs that are compatible with that OS should delete the BOMBO Ransomware.
Unraveling the multiple-choice past that the BOMBO Ransomware offers with scant clues might become unnecessary, as new Trojans replace it. There also is a chance of its retaining relevance into the future of the threat landscape, though, as it continues blocking files and sending victims to the dark side of the Web.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.