About: Boris Ransomware is a sneaky crypto virus that denies users access to their files. This file encryption malware encrypts files using a sophisticated cipher algorithm and appends the [decode77@sfetter.com].boris extension to them. The victim is made aware of this rogue activity by a dropped ransom note file "README.txt". Let us read more about this malicious system infection.
Boris Ransomware is a file encryption malware that encrypts files using AES-256 cipher algorithm and is based on the infamous HiddenTear Ransomware family.
Once installed on the system via malicious websites or spam email attachments, the ransomware scans the PC for files with the following extensions and encrypts them with the sophisticated cipher algorithm.
.PNG, .GIF, .JPG, .PDF, .XLR, .XLS, .XLSX, .SQL, .APK, .COM, .EXE, .JAR, .CAD files, .CSS, .HTML, .PHP, .DOC, .DOCX, .LOG, .TXT, .CSV, .KEY, .PPT, .PPTX and many more.
The encrypted files are appended with [decode77@sfetter.com].boris extension.
For instance, a file named “abc.pdf” would be renamed to “abc.pdf.[decode77@sfetter.com].boris”, which is completely unusable.
Victims are informed of this unfortunate circumstance by a dropped ransom note file “README.txt” that does not disclose much and reads as:
There are two known versions of this ransom note, one in English and another in Russian. This implies that Boris ransomware either specifically targets people from these countries, or its developers might be Russian or English.
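To scope the damage from the renaming pattern described above, the following added example (not part of the original guide) walks a folder read-only, lists files carrying the page's marker suffix, recovers their original names, and notes which affected folders also hold a README.txt. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = ".[decode77@sfetter.com].boris"  # suffix named on this page
NOTE_NAME = "README.txt"                  # ransom note name given on this page


def original_name(filename):
    """Return the pre-encryption name, or None if the marker is absent."""
    if filename.lower().endswith(MARKER) and len(filename) > len(MARKER):
        return filename[: -len(MARKER)]
    return None


def triage(root):
    """Walk root without modifying anything and summarise marked files."""
    hits, by_ext, note_dirs = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        marked = [f for f in files if original_name(f) is not None]
        for f in marked:
            ext = os.path.splitext(original_name(f))[1].lower() or "(none)"
            by_ext[ext] += 1
            hits.append(os.path.relpath(os.path.join(dirpath, f), root))
        # README.txt is a common benign name: count it only beside marked files.
        if marked and any(f.lower() == NOTE_NAME.lower() for f in files):
            note_dirs.append(os.path.relpath(dirpath, root))
    return {"hits": sorted(hits), "by_ext": dict(by_ext),
            "note_dirs": sorted(note_dirs)}


def demo():
    """Build a constructed sample tree (empty files) and triage it."""
    with tempfile.TemporaryDirectory() as root:
        samples = [
            ("Documents", "abc.pdf" + MARKER),
            ("Documents", "budget.xlsx" + MARKER),
            ("Documents", NOTE_NAME),
            ("Pictures", "holiday.JPG" + MARKER),
            ("Projects", "untouched.png"),
            ("Projects", NOTE_NAME),  # benign README, no marked files nearby
        ]
        for folder, name in samples:
            os.makedirs(os.path.join(root, folder), exist_ok=True)
            open(os.path.join(root, folder, name), "wb").close()
        return triage(root)


if __name__ == "__main__":
    print(demo())
```

The per-extension tally shows which file types need restoring from backup, and the recovered names can be matched against a backup catalogue.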
The decryption tool is stored on the remote servers of the cyber miscreants, and restoring the files could be almost impossible without it. The sole motive behind this rogue attempt is to earn easy money by exploiting victims.
However, users are recommended not to attempt to contact the criminals because:
Cybermiscreants usually refuse to provide the decryption key once the ransom is received.
Once they know that the victim is ready to pay the ransom, crooks can direct similar attacks at the same PC again in the future.
Instead of providing the decryption key to the victims, hackers could send a malicious script that would make the system vulnerable to other system infections.
Alternatives for data recovery for the victims:
To be on the safe side, users are always recommended to maintain regular data backups on a remote server or on unplugged storage devices such as an external HDD or USB stick, as well as on virtual cloud services.
Use of third-party software that might help you with file decryption.
Rely on an independent security researcher to crack malware code and create a decryption key.
Boris Ransomware spread techniques-
Boris ransomware is distributed in various ways and is obfuscated to evade detection by antivirus or any other protection software installed on the system.
Visiting illegitimate websites that use trusted sources for downloads is the most common way to distribute Boris Ransomware.
The techniques used by cyber miscreants to spread Boris ransomware include:
Downloading spam email attachments: This is the most prevalent ransomware distribution technique. Cyber crooks send out malicious files that pretend to appear important and demand urgency such as:
Online Banking documents
Receipts
Invoices
In addition, the email may appear to be delivered from renowned companies and contain a disguised hyperlink; clicking on it may direct the user to a malicious website and lead to the installation of Boris Ransomware.
Other distribution techniques include:
Browsing suspicious sites and clicking on malevolent hyperlinks.
Browsers Affected: Google Chrome, Internet Explorer, Mozilla Firefox
Targeted Operating System: Windows
Category: Ransomware
Symptoms: User’s files are encrypted. All locked files are appended with “.boris” extension after the encryption and hence cannot be accessed by the user.
To restart the system to Safe Mode with Networking, if already switched ON then follow the below steps:
Windows 7/ Vista/ XP
Click on Windows icon present in the lower left corner of the computer screen.
Select and click Restart.
When the screen goes blank, keep tapping the F8 key until you see the Advanced Boot Options window.
With the help of the arrow keys on the keyboard, select the Safe Mode with Networking option from the list and press the Enter key. The system will then restart to Safe Mode with Networking.
Click on the username and enter the password (if any).
Windows 10 / Windows 8
Press and hold the Shift Key and simultaneously click on the windows icon present in the lower left corner of your computer screen.
While the Shift key is still pressed click on the Power button and then click on Restart.
Now select Troubleshoot → Advanced options → Startup Settings.
When the Startup Settings screen appears which is the first screen to appear after restart, select and click on Enable Safe Mode with Networking. The system will then restart to Safe Mode with Networking.
Click on Windows icon present in the lower left corner of the computer screen.
Select and click Restart.
When the screen goes blank, keep tapping F8 key until you see the Advanced Boot Options window.
With the help of arrow keys on keyboard, Select Safe Mode with Command Prompt from the list and press the Enter Key. The system will then restart to Safe Mode with Command Prompt.
Click on the username and enter the password (if any).
Windows 10 / Windows 8
Press and hold the Shift Key and simultaneously click on the windows icon present in the lower left corner of your computer screen.
While the Shift key is still pressed click on the Power button and then click on Restart.
Now select Troubleshoot → Advanced options → Startup Settings.
When the Startup Settings screen appears which is the first screen to appear after restart, select and click on Enable Safe Mode with Command Prompt. The system will then restart to Safe Mode with Command Prompt.
Click on the username and enter the password.
Once the system starts, ensure to use an account with administrative privilege to access Safe Mode with Command Prompt.
After the user enters admin credentials, the Command Prompt window is displayed, in which you enter the below commands:
Type the command “sc delete Boris” in the command prompt and press Enter.
Type “exit” to exit the command prompt and restart the system in safe mode with command prompt.
Click on the Windows icon present in the bottom left corner of the task bar to open up the Start menu.
Click on the ‘Control Panel’ button in the Start menu. This will open the control panel dialog box.
In the Control Panel dialog box click on the ‘View by:’ dropdown at the top right corner of the dialog box and select Large Icons.
Click on the Windows Defender icon. This will open the windows defender dialog box.
Click on ‘Check for updates now’ button. It will check for Updated definitions before scanning the system.
Once the Defender is updated click on Scan Now button.
This will take some time to scan the system for threats.
Once the scanning is complete and no threats are found you will be notified with a message ‘No unwanted or harmful software detected’ in a Green Bar.
If threats are found, you are recommended to use an antivirus to keep your system risk free.
Windows 10
Click on the Search Box and type “Defender” (you can also press Windows key + Q to bring up the search bar needed. This shortcut will launch the search function on your system). Windows Defender Settings should appear in the results list. Click on it to launch the program.
In the Defender window click on Open Windows Defender Security Center button. This will launch Windows Defender Security Center window.
Click on Virus & Threat Protection icon, from the Windows Defender Security Center window.
In the Virus and Threat Window that appears click on Quick scan button. This will scan the system for Virus and other threats.
System scan will take some time. Once the scanning is complete and no threats are found you will be notified with a message pop up at the bottom right corner of the window, ‘No threats were found’.
If threats are found, you are recommended to use an antivirus to keep your system risk free.
Click on the Windows icon present in the bottom left corner of the task bar to open up the Start menu.
Click on the ‘Control Panel’ button in the Start menu. This will open the control panel dialog box.
In the Control Panel dialog box click on the ‘View by:’ dropdown at the top right corner of the dialog box and select Large Icons.
Click on the “Windows Update” link.
After Windows Update opens, click “Check for Updates” button.
Once Windows finishes checking for updates, click the “Install now” button.
When the updates have finished installing, restart your computer (if prompted).
Windows 10
Click on the Search Box and type “Update” (you can also press Windows key + Q to bring up the search bar needed. This shortcut will launch the search function on your system). Windows Update Settings should appear in the results list. Click on it to launch the program.
Check for the Update Status. If Windows Update says your device is up to date, you have all the updates that are currently available. For more info about updates, click on View installed update history.
Once the system software is updated, click on the Restart Now button to install the updated software.
Tips to prevent your computer system from getting infected –
Keeping the Operating System Updated- In order to remain protected and avoid such infections, it is recommended to keep your Operating System updated by enabling the automatic update on your system. The systems with outdated or older versions of Operating System become an easy target for the attackers.
Resist clicking on spam emails – One of the major techniques used for malware distribution is forwarding spam emails to the user. The system gets infected as soon as the user clicks on the attachment. These mails appear to be genuine, so be aware and resist falling for these tricks.
Keep an eye on third party installations- It is quite important that you take due care while installing any third party applications for they are major source of such infections. Such malware programs come bundled with the free applications thereby requiring the user to remain cautious.
Regular periodical backup- In order to keep your data and files safe, it is recommended to take regular back up of all your data and files either on an external drive or cloud.
Use Anti-Virus Protection- We strongly recommend the use of antivirus protection/internet security in your PC like Hitman Pro and Sophos so that it remains safe.
Enable the Ad Blocker/Popup Blocker in your browser- Enabling the popup blocker/ ad blocker in your chosen browser will help you to stay protected from annoying adware.
The researchers at Virus Removal Guidelines are dedicated to tracking down the latest vulnerabilities which may infringe your system security. Our team of experts performs detailed research on every malware infection before educating our users about it.