BigBobRoss is a ransomware written in C++ using QT. It uses AES-128 ECB to encrypt files, and adds the extension ".obfuscated", ".encryptedALL", or ".cheetah". Some variants also prepend the victim ID to the filename. The ransom note "Read Me.txt" asks the victim to contact "[email protected]".
The ransom note contains the following text:
Hello, dear friend!
1- [All your files have been ENCRYPTED!]
Your files are NOT damaged! Your files are modified only.
The only way to decrypt your files is to receive the decryption program.
your files can not be decrypted without the special program we made it for your computer.
2- [ HOW TO RETURN FILES? ]
To receive the decryption program Write to our email "[email protected]"
and tell us your unique ID
3- [ FREE DECRYPTION! ]
Free decryption as guarantee.
We guarantee the receipt of the decryption program after payment.
To believe, you can give us 1 file that must be less than 1MB and we decrypt it for free.
File should not be important to you! databases, backups, large excel sheets, etc.
4- [ Instruction ]
the easiest way to buy bitcoins is LocalBitcoins site. you have to register, click "buy bitcoins"
and select the seller by payment method and price.
please do not change the name of files or file extension if your files are important to you!
Your unique ID : [ID]
To use the decrypter, you will require one of the ransom notes left by the malware.