Boris Ransomware is file-encrypting malware that encrypts files using the AES-256 cipher algorithm and is based on the infamous HiddenTear Ransomware family.
Once installed on the system via malicious websites or spam email attachments, the ransomware scans the PC for files with the following extensions and encrypts them with the sophisticated cipher algorithm.
.PNG, .GIF, .JPG, .PDF, .XLR, .XLS, .XLSX, .SQL, .APK, .COM, .EXE, .JAR, .CAD Files, .CSS, .HTML, .PHP, .DOC, .DOCX, .LOG, .TXT, .CSV, .KEY, .PPT, .PPTX and many more.
The encrypted files are appended with the [firstname.lastname@example.org].boris extension.
For instance, a file named “abc.pdf” would be renamed to “abc.pdf.[email@example.com].boris”, which is completely unusable.
The ransomware informs victims of this by dropping a ransom note file, “README.txt”, which does not disclose much and reads as:
There are two known versions of this ransom note: one in English and another in Russian. This implies that Boris ransomware either specifically targets people from these countries, or its developers might be Russian or English.
The decryption tool is stored on the remote servers of the cyber miscreants, and restoring the files could be almost impossible without it. The sole motive behind this rogue attempt is to earn easy money by exploiting victims.
However, users are recommended not to attempt to contact the criminals as:
Boris ransomware is distributed in various ways and is coded to obfuscate itself from antivirus or any other protection software installed on the system in order to evade detection.
Visiting illegitimate websites that use trusted sources for downloads is the most common way Boris Ransomware is distributed.
The techniques used by cyber miscreants to spread Boris ransomware include:
In addition, the email may appear to be delivered from renowned companies and contain a disguised hyperlink; clicking on it may direct the user to a malicious website and lead to the installation of Boris Ransomware.
Other distribution techniques include:
Browsers Affected: Google Chrome, Internet Explorer, Mozilla Firefox
Targeted Operating System: Windows
Symptoms: User’s files are encrypted. All locked files are appended with “.boris” extension after the encryption and hence cannot be accessed by the user.
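The renaming pattern and ransom note name described above can be turned into a read-only triage check. The following is an added example, not part of the original article: it matches the “<original name>.[<contact e-mail>].boris” pattern with a generic e-mail expression rather than a hard-coded address, and the sample paths and address are constructed for illustration.

```python
import os
import re
from collections import defaultdict

# Pattern from the article: "<original name>.[<contact e-mail>].boris".
# The e-mail part is matched generically instead of hard-coding one address.
BORIS_RE = re.compile(
    r"^(?P<original>.+)\.\[(?P<contact>[^\[\]\s@]+@[^\[\]\s@]+)\]\.boris$",
    re.IGNORECASE,
)
NOTE_NAME = "readme.txt"  # ransom note file name given in the article

def parse_name(filename):
    """Return (original_name, contact) if the name matches the pattern, else None."""
    m = BORIS_RE.match(filename)
    return (m.group("original"), m.group("contact")) if m else None

def triage(paths):
    """Group matching files by directory and record whether README.txt sits beside them."""
    report = defaultdict(lambda: {"encrypted": [], "note_present": False})
    note_dirs = set()
    for path in paths:
        directory, name = os.path.split(path)
        if name.lower() == NOTE_NAME:
            note_dirs.add(directory)
            continue
        parsed = parse_name(name)
        if parsed:
            report[directory]["encrypted"].append(parsed[0])
    for directory in report:
        report[directory]["note_present"] = directory in note_dirs
    return dict(report)

def walk(root):
    """Yield every file path under root without modifying anything."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(dirpath, name)

# Constructed sample paths (not taken from the article or a real incident).
SAMPLE = [
    "/data/docs/abc.pdf.[user@example.com].boris",
    "/data/docs/README.txt",
    "/data/docs/notes.txt",
    "/data/pics/cat.JPG.[user@example.com].BORIS",
    "/data/pics/boris.png",
]

if __name__ == "__main__":
    for directory, info in sorted(triage(SAMPLE).items()):
        print(directory, len(info["encrypted"]), "renamed files, note:", info["note_present"])
```

To check a real volume, pass `walk(root)` to `triage` instead of `SAMPLE`; a directory with renamed files and a ransom note is a stronger indicator than a lone `README.txt`.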
The researchers at Virus Removal Guidelines are dedicated to tracking down the latest vulnerabilities that may infringe on your system security. Our team of experts performs detailed research on every malware infection before educating our users about it.