How to Remove Boris Ransomware?

What is Boris Ransomware and how does it work?

Boris Ransomware is a file encryption malware that encrypts files using AES-256 cipher algorithm and is based on the infamous HiddenTear Ransomware family.
Once installed on the system via malicious websites, spam email attachments the ransomware scans the PC to search for files with the following extensions and encrypts them with the sophisticated cypher algorithm.
.PNG, .GIF, .JPG, .PDF, .XLR, .XLS, .XLSX, .SQL, .APK, .COM, .EXE, .JAR,.CAD Files, .CSS, .HTML .PHP,.DOC, .DOCX, .LOG, .TXT, .CSV, .KEY, .PPT .PPTX and many more.
The encrypted files are appended with [decode77@sfetter.com].boris extension.
For instance a file named “abc.pdf” would be renamed to “abc.pdf.[decode77@sfetter.com].boris” which is completely unusable.
Victims are informed about this unfortunate circumstance by dropping a ransom note file “README.txt” that does not disclose much and reads as:
Boris RansomNote
There are two version known of this ransom note-one in English and another in Russian.This implicates that Boris ransomware either specifically targets people from these countries, or its developers might be Russian or English.
Decryption tool is stored on the remote servers of cyber miscreants and restoring the files could be almost impossible without it.The sole motive behind this rogue attempt is to earn easy money by exploiting victims.
However users are recommended not to attempt to contact criminals as:
  1. Cybermiscreants usually refuse to provide the decryption key once the ransom is received.
  2. On knowing that the victim is ready to pay the ransom, crooks can optimize similar attacks on the same PC again in the future.
  3. Instead of providing the decryption key to the victims, hackers could send a malicious script that would make the system vulnerable to other system infections.

Alternatives for data recovery for the victims:

  1. To be on a safer side users are always recommended to maintain regular data backup on a remote server or unplugged storage devices like external HDD, USB stick as well as virtual cloud services.
  2. Use of third-party software that might help you with file decryption.
  3. Rely on an independent security researcher to crack malware code and create a decryption key.

Boris Ransomware spread techniques-

Boris ransomware is distributed via various ways and is coded to obfuscate from antivirus or any other protection software installed in the system to evade detection.

Comments

Post a Comment

Popular posts from this blog

How to Remove Search.newtabtvsearch.com or NewTabTV Redirect?

Image
Search.newtabtvsearch.com is a nasty browser hijacker that hijacks your browser to alter its homepage and new tab functionality. Besides that, it displays constant banners, pop-ups and annoying ads to diminish your overall browsing experience. What is Search.newtabtvsearch.com Redirect? Search.newtabtvsearch.com or Newtab-TV Redirect is a browser hijacker presented in the form of suspicious search engine. This search engine has been developed by Imali Media Ltd. and the company claims that the application let the users watch television, news and their favorite shows on their PC. It will replace the page you see when opening a new tab as given in the image below: Upon installation, Search.newtabtvsearch.com will present its search results to the user through http://search.yahoo.com. Browser extensions like Newtab-TV get installed as a result of software bundling along with free software or applications which the user download off the internet. Threat Summary   ...
Read more

How to remove Speedtest-guide.com redirect from your system

Image
Guide to Remove Speedtest-guide.com redirect Speedtest-guide.com redirect is a nasty browser hijacker that changes the default browser settings such as home-page, search engine & new tab functionality. In addition to that, it displays annoying ads & causes infuriating redirects to dubious sites, thus deteriorating the web-browsing experience. This rogue browser redirector claims to be a free tool that can be used to test Internet speed & customize the web search. It also enables the users to keep a track of the previous tests & access speed boosting tips. While Speedtest-guide.com appears to be a useful & legit application, the users have reported of its questionable behavior. Firstly, to operate on a system, it requires modifying the browser settings without user’s permission. It does so to promote a fake search engine - Speedtest-guide.com. It causes unnecessary browser redirects & possesses the capability of tracking down user’s online ...
Read more

Tampermonkey Chrome Extension Blacklisted by the popular Web Browser Opera

Image
Chrome Web Store is facing an uphill battle from the last few years for hosting malevolent add-ons that claim to enhance your web browser capabilities. Tampermonkey, the widely used free browser extension known to manage user scripts & offer valuable features to improve user’s browsing experience has been declared malicious by the infamous Opera web Browser. So if you have installed  Tampermonkey 4.7.54  extension from Chrome web Store in Opera Browser & using it, you will be alerted by the warning: Opera has blacklisted one of your extensions, and we’ve blocked it for your safety. Go to the extensions manager for more details The popular user script manager extension, Tampermonkey has over 10 million users & is available for all the popular browsers including Chrome, Safari, Opera, Firefox & Microsoft Edge. The distinctive attributes offered by the extension include: Clear Overview over the running scripts. ZIP- based import & export A built-in e...
Read more