BigBobRoss Ransomware Removal Guide

BigBobRoss Ransomware encrypts victim’s files and marks them with a second extension called .obfuscated. If you are seeing this extension on your data, as well as a ransom note encouraging to email BigBobRoss@computer4u.com, your computer was most likely infected by this threat. What we recommend for you to do is to read the rest of our report carefully to get to know this malicious application better. The ransom note may tell you to contact the hackers behind the malware as fast as possible, but it is best not to rush in such situations. Further in the article, readers can learn how BigBobRoss Ransomware might be distributed, how it works, and how to eliminate it from the computer. You may also find useful the deletion instructions located at the end of the article, as they will list all the steps you need to complete to remove the malware manually.

For starters, we should explain how BigBobRoss Ransomware could end up on your system. Our specialists believe the malicious application might be distributed via unsecured RDP connections, malicious email attachments, fake installers, and so on. Consequently, if you wish to protect your computer from threats alike, you should try not to interact with doubtful files and keep away from websites that could contain potentially dangerous material. What’s more, whenever you are in doubt, you can check the suspected file with a reliable security tool, so if you have not installed it yet, we highly recommend considering it.

Our specialists report the malware does not encrypt all data available on the computer. It seems BigBobRoss Ransomware was programmed to encrypt files only in three particular folders (Desktop, Downloads, and Favorites) located in %USERPROFILE%. Once targeted files are locked, the malicious application ought to change the computer’s background image and open a text file named Read Me.txt. We noticed the threat might keep opening the mentioned text document if the user does not erase it. Inside of it, there should be a message saying “Hello, dear friend!” The rest of it explains what happened to the victim’s files and what to do to get them back to normal.

To be more accurate, the hackers behind BigBobRoss Ransomware ask their victims to email them via given address. From the mentioning of Bitcoins and free decryption services for one file, one can only assume the user will be asked to pay a ransom. We cannot say what the sum is as we did not try to contact them ourselves and amounts requested by hackers who create such threats offer vary. Nonetheless, even if the sum is not significant, our specialists advise against making the payment. There are no reassurances the malware’s creators will send the decryptor. Instead, they may start asking for more money. Therefore, it seems to us the safest choice is to remove BigBobRoss Ransomware.

More experienced users could try erasing it manually while following the instructions prepared by our specialists. You should be able to find them if you scroll a bit below this paragraph. The other way to eliminate BigBobRoss Ransomware is to install a reliable security tool, scan the computer with it, and then press the provided removal button.

Get rid of BigBobRoss Ransomware

1. Tap Ctrl+Alt+Delete.
2. Pick Task Manager.
3. Select the Processes tab.
4. Look for a process associated with the malware.
5. Select the process and click End Task.
6. Leave Task Manager.
7. Tap Win+E.
8. Go to these locations:
   %TEMP%
   %USERPROFILE%\Downloads
   %USERPROFILE%\Desktop
9. Find the malicious file opened before the system got infected, right-click it and select Delete.
10. Locate all copies of Read Me.txt, right-click them and choose Delete.
11. Then go to your Desktop and search for bg.png, right-click it too and press Delete.
12. Close File Explorer.
13. Empty Recycle Bin.
14. Restart the computer.