BooM Ransomware Removal Guide

If the malicious BooM Ransomware enters your operating system, you really might think that a bomb went off inside your computer because this threat can successfully corrupt all files that exist. Sure, it should spare system files because it needs your system to work properly; however, your personal files – such as documents or pictures – can be encrypted. The “.Boom” file extension should be added to all of them to make it easier for you to understand the scale of the damage. If you had to go through your files one by one, it would take quite some time for you figure out which files were corrupted. We are sure that you are reading this report in the hopes of finding a way to recover your personal files, but we do not have a solution. Once files are encrypted, decrypting them is simply not possible. While legitimate malware scanners exist, they cannot help you much when it comes to ransomware. Although we might not be able to help you recover files, we can help you delete BooM Ransomware, and that is very important to do.

It is possible that BooM Ransomware was executed after you opened a file sent to you via email. Do you remember doing anything like that before your files were encrypted? Unfortunately, cyber criminals are very smart, and they can create highly believable spam email messages to trick people into downloading malware launchers themselves. Other security backdoors could be used too, but spam emails appear to be most popular when it comes to the distribution of ransomware. Once the threat is installed, it starts encrypting files immediately, and it does that so quickly and so silently that you are unlikely to notice anything suspicious at all. During the attack, BooM Ransomware also creates files in the %TEMP% directory. Both of them are executables, and one is called “Tempsvchost.exe” while the other one has a random name. A registry entry is also created to ensure that the infection runs as soon as the system is turned on. The manual removal guide below shows where to find these ransomware elements and how to delete them. If you do not take care of that, you will remain at risk.

Once files are encrypted, BooM Ransomware launches a window entitled “BooM Ransomeware.” The threat also creates a file named “readme_back_files.htm” to deliver the same message. It informs that files were encrypted and that the victim needs a password to “encode” them. The message also asks to find Mohamed Naser Ahmed (profile ID 100027091457754) on Facebook, and, we assume, that is how you are supposed to get the password. The thing is, you should not expect someone to just randomly give you a password. Instead, the attackers will, most likely, ask you to pay money and then they will ask you to download a file or click a link, and more malicious threats could be introduced to you that way. Overall, we do not recommend interacting with cyber criminals, especially using your personal accounts because cyber criminals could exploit that later on. Note that attackers might try to convince you that you will recover files only if you obey their demands, but their promises mean nothing. Save your money and remove BooM Ransomware without further delay.

You might be able to delete BooM Ransomware manually, without much help. The instructions are below, and, hopefully, you can follow them without a problem. The only hard thing should be the identification of the launcher file. A few possible locations are listed, but, in reality, this file could be anywhere. Of course, if you have no previous experience dealing with or removing malware, erasing the ransomware on your own might be challenging. It doesn’t need to be. You can install an anti-malware program that will find and remove BooM Ransomware automatically, and, needless to say, that should make things much easier. This would also take the responsibility of securing your system off your shoulders. Remember that as long as your system is protected, malware cannot slither in and make a mess.

How to delete BooM Ransomware

1. Delete recently downloaded files.Your goal is to remove the launcher, and it could be here:
   • %USERPROFILE%\Desktop
   • %USERPROFILE%\Downloads
   • %TEMP%
2. Delete the [random].exe and Tempsvchost.exe files from the %TEMP% directory.
3. Delete the HOW TO DECRYPT FILES.txt file from the %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ directory.
4. Launch Registry Editor (tap Win+R, enter regedit.exe, and click OK).
5. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
6. Delete the value called Alcmeter.
7. Empty Recycle Bin.
8. Perform a full system scan using a trustworthy malware scanner.

N.B. You can access all listed directories via the Explorer. Tap Win+E keys to launch it and then enter the directory’s path into the field at the top.