Boom Ransomware - How to remove

Boom ransomware is a devastating, destructive computer virus that can turn your system into the garbage and make it unusable. If you have never heard of ransomware before, it is a cryptovirus that aims to lock all personal files that are stored on your computer and force you to pay a ransom to get the privilege to use them once again.

The scheme of how Boom ransomware makes money is pretty elementary – they try to infect as many computers as possible and then terrorize users for ransom payments. So in case, your computer is currently infected with Boom virus and you are about to pay the ransom to get your precious files back – don’t do that just yet. There are other effective methods to solve this problem and we are going to review them.

It’s good that you have discovered our article about Boom ransomware because we will provide you with detailed instructions on how to eliminate this infection from your system and also get the best shot at recovering your lost files. In case some important information is missing and you failed to find an answer to your question here, always feel free to contact us in the comments section below and we will get back at you as soon as possible.

Boom Ransomware Analysis

If you are familiar with various ransomware infections, you know that almost all of them use specific extensions to mark locked (encrypted) files. Usually, ransomware viruses are named after those extensions – Vulston ransomware and .vulston extension, Bizer ransomware and .bizer extension, Tunca ransomware with .tunca extension and so on. Boom ransomware is not an exception – it is named after the extension of .boom, therefore the virus can be called “.boom extension virus” as well.

So once inside of your computer, Boom extension virus will scan your hard drive in order to detect all files that can be locked. This virus is targeted at personal files, so you can expect them to be locked. Good news is that it won’t touch systemic files, so you will be able to continue using your computer, only without the ability to access personal files.

In order to lock your files, .boom infection employs strong cryptography and change the structure of your files. However, that means that those files are not doomed or damaged for good – if the encryption process is reversed, they will be good once again.

After the encryption, Boom ransomware will automatically generate a ransom note and place it on your desktop in the form of text file, named “HOW TO DECRYPT FILES.txt”. It goes like this:

Welcome –
in Boom Ransomeware
Oooooops All Your Files Have Been Encrypted With Password
To Show The Password You Enter PIN First
See you soon

password =

Enter PIN

They will also automatically start a new process on your computer and execute a new window that will display information that is almost identical to the one in the text file.

There is a dedicated button to get a unique PIN, that was automatically generated and assigned to your computer. In order to get the PIN which should allow unlocking your encrypted files, you will be asked to pay a certain amount of money. It is not clear how much it is, but we do not recommend to do that in advance. Why? Because there are other, better alternatives to do that and we will soon introduce you to them.

How to Remove Boom Virus And Unlock Files

The most efficient and fastest way to deal with a virus like Boom ransomware is to scan your computer with Spyhunter. Either one of those programs should immediately detect and remove all files that are related to this infection.

Unfortunately, removing the infection itself is not a final solution – anti-malware software can’t decrypt your files, so you will have to do the using other tools. First of all, try to perform a system restore. This should allow to turn your computer back in time and restore it into the state when the virus was not present yet. However, that’s only possible if you have a valid backup copy that was not damaged by the virus.

If for some reasons you can’t perform a system restore, try using free ’file that could solve this problem.

Automatic Malware removal tools

How to recover Boom Ransomware encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:

for Windows 7 / Vista/ XP

• Start → Shutdown → Restart → OK.
• Press F8 key repeatedly until Advanced Boot Options window appears.
• Choose Safe Mode with Command Prompt.

for Windows 8 / 10

• Press Power at Windows login screen. Then press and hold Shift key and click Restart.
• Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
• When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.

 

2.Restore System files and settings.

• When Command Prompt mode loads, enter cd restore and press Enter.
• Then enter rstrui.exe and press Enter again.
• Click “Next” in the windows that appeared.
• Select one of the Restore Points that are available before Boom Ransomware has infiltrated to your system and then click “Next”.
• To start System restore click “Yes”.

 

Step 2. Complete removal of Boom Ransomware

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter and remove all malicious files related to Boom Ransomware. You can check other tools here.  

Step 3. Restore Boom Ransomware affected files using Shadow Volume Copies

If you do not use System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files that point of time when the system restore snapshot was created. Usually Boom Ransomware tries to delete all possible Shadow Volume Copies, so this methods may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer. a) Native Windows Previous Versions Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace existing, encrypted file. If you want to see the content of file first, just click Open.

b) Shadow Explorer It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. On the left top corner select the drive where the file you are looking for is a stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.

Step 4. Use Data Recovery programs to recover Boom Ransomware encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:

• We suggest using another PC and connect the infected hard drive as slave. It is still possible to do this on infected PC though.
• Download a data recovery program.
• Install and scan for recently deleted files.

Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.