Boris Ransomware
Ransomware | 07/11/2018

How to Remove Boris Ransomware?


What is Boris Ransomware and how does it work?

 

Boris Ransomware is file-encrypting malware that encrypts files using the AES-256 cipher and is based on the infamous HiddenTear ransomware family.

Once installed on the system via malicious websites or spam email attachments, the ransomware scans the PC for files with the following extensions and encrypts them with this cipher.

.PNG, .GIF, .JPG, .PDF, .XLR, .XLS, .XLSX, .SQL, .APK, .COM, .EXE, .JAR, .CAD files, .CSS, .HTML, .PHP, .DOC, .DOCX, .LOG, .TXT, .CSV, .KEY, .PPT, .PPTX and many more.

The [decode77@sfetter.com].boris extension is appended to the name of each encrypted file.

For instance, a file named “abc.pdf” would be renamed to “abc.pdf.[decode77@sfetter.com].boris”, which is completely unusable.
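To scope the damage after an infection, the naming pattern above can be used to inventory affected files. The following Python sketch is an added example, not code from the original page or from any tool it mentions: it walks a directory tree, lists files carrying the appended extension together with their original names, and notes whether the README.txt ransom note sits in the same folder. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from this page; everything else is illustrative.
SUFFIX = ".[decode77@sfetter.com].boris"
NOTE_NAME = "README.txt"


def scan_tree(root):
    """Return {directory: {"files": [(encrypted, original)], "note": bool}}."""
    report = defaultdict(lambda: {"files": [], "note": False})
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            # Windows file names are case-insensitive, so compare lowercased.
            if name.lower().endswith(SUFFIX) and len(name) > len(SUFFIX):
                report[dirpath]["files"].append((name, name[: -len(SUFFIX)]))
            elif name.lower() == NOTE_NAME.lower():
                report[dirpath]["note"] = True
    # README.txt alone is common and benign: keep only folders with renamed files.
    return {d: r for d, r in report.items() if r["files"]}


def summarize(report):
    """Count affected files per original extension, to plan restores from backup."""
    counts = defaultdict(int)
    for entry in report.values():
        for _encrypted, original in entry["files"]:
            counts[os.path.splitext(original)[1].lower() or "(none)"] += 1
    return dict(counts)


def build_sample_tree(root):
    """Constructed sample data: empty files named the way the page describes."""
    docs, clean = os.path.join(root, "docs"), os.path.join(root, "clean")
    os.makedirs(docs)
    os.makedirs(clean)
    for name in ("abc.pdf" + SUFFIX, "report.XLSX" + SUFFIX, NOTE_NAME):
        open(os.path.join(docs, name), "w").close()
    for name in ("notes.txt", NOTE_NAME):
        open(os.path.join(clean, name), "w").close()
    return docs, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = scan_tree(tmp)
        for directory, entry in found.items():
            print(directory, len(entry["files"]), "files; note:", entry["note"])
        print(summarize(found))
```

Run it against a read-only mount or a forensic copy of the disk rather than the live system, so the inventory does not alter file timestamps.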

The ransomware informs victims of the encryption by dropping a ransom note file, “README.txt”, which does not disclose much and reads as:

[Image: Boris ransom note]

There are two known versions of this ransom note: one in English and another in Russian. This implies that Boris ransomware either specifically targets people from these countries, or its developers might be Russian or English.

The decryption tool is stored on the remote servers of the cyber miscreants, and restoring the files could be almost impossible without it. The sole motive behind this rogue attempt is to earn easy money by exploiting victims.

However, users are advised not to attempt to contact the criminals, because:

  1. Cyber miscreants usually refuse to provide the decryption key once the ransom is received.
  2. On learning that the victim is ready to pay the ransom, crooks can optimize similar attacks on the same PC in the future.
  3. Instead of providing the decryption key to the victims, hackers could send a malicious script that would make the system vulnerable to other infections.

Alternatives for data recovery for the victims:

  1. To be on the safe side, users are always recommended to maintain regular data backups on a remote server, on unplugged storage devices such as an external HDD or USB stick, or on virtual cloud services.
  2. Use of third-party software that might help you with file decryption.
  3. Rely on an independent security researcher to crack malware code and create a decryption key.

Boris Ransomware spread techniques

Boris ransomware is distributed in various ways and is obfuscated to evade detection by antivirus or any other protection software installed on the system.

Visiting illegitimate websites that present themselves as trusted sources for downloads is the most common way Boris Ransomware is distributed.

The techniques used by cyber miscreants to spread Boris ransomware include:

  • Downloading spam email attachments: This is the most prevalent ransomware distribution technique. Cyber crooks send out malicious files that pretend to be important and urgent, such as:
      • Online banking documents
      • Receipts
      • Invoices

In addition, the email may appear to come from a renowned company and contain a disguised hyperlink; clicking on it may direct the user to a malicious website and lead to the installation of Boris Ransomware.

Other distribution techniques include:

  • Browsing suspicious sites and clicking on malevolent hyperlinks.
  • Downloading freeware programs
  • Fake Updates
  • Unprotected Remote Desktop Protocol (RDP) configuration.

Threat Summary

Name: Boris

Browsers Affected: Google Chrome, Internet Explorer, Mozilla Firefox

Targeted Operating System: Windows

Category: Ransomware

Symptoms: User’s files are encrypted. All locked files are appended with “.boris” extension after the encryption and hence cannot be accessed by the user.

How to solve the problem?

 

 

Tips to prevent your computer system from getting infected –

  1. Keep the operating system updated: To remain protected and avoid such infections, keep your operating system updated by enabling automatic updates. Systems running outdated or older versions of an operating system are an easy target for attackers.
  2. Resist clicking on spam emails: One of the major techniques used for malware distribution is sending spam emails to the user. The system gets infected as soon as the user clicks on the attachment. These mails appear to be genuine, so be aware and resist falling for these tricks.
  3. Keep an eye on third-party installations: Take due care while installing any third-party application, as these are a major source of such infections. Such malware programs come bundled with free applications, so the user needs to remain cautious.
  4. Back up regularly: To keep your data and files safe, take regular backups of all your data and files, either on an external drive or in the cloud.
  5. Use antivirus protection: We strongly recommend using antivirus protection/internet security software on your PC, such as Hitman Pro and Sophos, so that it remains safe.
  6. Enable the ad blocker/popup blocker in your browser: Enabling the popup blocker/ad blocker in your chosen browser will help you stay protected from annoying adware.

 

 
