Here’s some good news for users whose files have been encrypted by the BigBobRoss ransomware: both Avast and Emsisoft have released decrypters.
How do you know that you’ve been hit with BigBobRoss?
The ransomware gets its name from the email address included in the ransom note, which comes in a file named Read Me.txt.
Another indication that the user’s files have been encrypted by this particular malware is the .obfuscated extension added to the encrypted files. According to Emsisoft, some variants also prepend the victim ID to the filename (e.g., ID.file.obfuscated).
It is currently unknown how the BigBobRoss ransomware is delivered/spread to victims. What is known is that it uses AES-128 ECB to encrypt files.
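A read-only triage sketch for the indicators described above, added here as an example and not taken from Avast, Emsisoft or the original article: it inventories Read Me.txt notes and .obfuscated files under a directory before a decrypter is run. The victim-ID heuristic (a leading dot-separated token shared by most encrypted files), the function names and the sample tree are assumptions constructed for the demo.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

NOTE_NAME = "read me.txt"     # ransom note name from the article, lower-cased
ENC_SUFFIX = ".obfuscated"    # extension from the article

def triage(root):
    """Walk root; return ransom notes, encrypted files and leading-token counts."""
    notes, encrypted, tokens = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            if lowered == NOTE_NAME:
                notes.append(Path(dirpath) / name)
            elif lowered.endswith(ENC_SUFFIX):
                encrypted.append(Path(dirpath) / name)
                stem = name[:-len(ENC_SUFFIX)]
                # Only names with a spare leading token can carry an ID prefix:
                # ID.name.ext has at least three dot-separated parts.
                parts = stem.split(".")
                if len(parts) >= 3:
                    tokens[parts[0]] += 1
    return {"notes": notes, "encrypted": encrypted, "tokens": tokens}

def likely_victim_id(report):
    """Heuristic (assumption): a leading token shared by most encrypted files."""
    if not report["tokens"]:
        return None
    token, count = report["tokens"].most_common(1)[0]
    total = len(report["encrypted"])
    return token if count >= 2 and count * 2 > total else None

def build_sample(root, victim_id=None):
    """Create a constructed directory tree of empty files for the demo."""
    prefix = f"{victim_id}." if victim_id else ""
    for rel in ("docs/report.docx", "docs/budget.xlsx", "pics/cat.jpg"):
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        (path.parent / f"{prefix}{path.name}{ENC_SUFFIX}").touch()
        (path.parent / "Read Me.txt").touch()
    (Path(root) / "docs" / "untouched.txt").touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, victim_id="CONSTRUCTED-ID-0001")
        rep = triage(tmp)
        print(len(rep["notes"]), "notes;", len(rep["encrypted"]), "encrypted files")
        print("candidate victim ID prefix:", likely_victim_id(rep))
```

The script only reads directory listings, so it can be pointed at a mounted copy of the affected volume without modifying any file.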