Boris HT Ransomware

By GoldSparrow in Ransomware

The Boris HT Ransomware, reported on July 2nd, 2018, is another adaptation of the HiddenTear open-source ransomware. The program appears to be very similar to the Donut Ransomware and the Magician RSWware Ransomware, which emerged shortly before the Boris HT. However, one cannot be sure whether the same people control these cyber-threats. The HiddenTear code is updated on the Dark Web, and there is no reliable way to track all threat actors using the same code. The people behind the Boris HT Ransomware have tried to disguise the Trojan as a clean instance of the legitimate process by Microsoft called 'svhost.exe,' which is used to host various functions.

The Boris HT Ransomware may be delivered to systems via fake software updates, corrupted Microsoft Word documents, and cracked games distributed via P2P networks. The Boris HT Ransomware may run from the AppData directory and interfere with the work of databases. The file encoder is designed to encode standard file types you are likely to use in your daily activities. The cyber-threat is aimed at regular PC users who store photos, music, videos, office documents and notes and utilize databases for their needs. The Boris HT Ransomware is known to encode data by running an AES cipher and to attach the '[decode77@sfletter.com].boris' suffix to the file names. For example, 'Kamacite Mineral.jpeg' is renamed to 'Kamacite Mineral.jpeg[decode77@sfletter.com].boris'. The encoded files are likely to be listed in your file explorer with blank icons, and a ransom note ('README.txt') can be found on the desktop. The team behind the Boris HT might invite users to negotiate the price for a decoder with the following message:

'Your files are encrypted! If you want to restore data email decode77@sfletter.com:
[hex code]'

We do not encourage users to negotiate with the threat authors using the 'decode77@sfletter.com' email account. There are many cases where the ransomware operators collect the money from the affected users and don't send a decoder to their inbox. It is far safer to eliminate the Boris HT Ransomware with the assistance of a respected anti-malware utility and load backups from services like Dropbox, OneDrive, and backup images made with third-party tools. AV companies may use the following detection names for files created by the Boris HT Ransomware:

Gen:Heur.Ransom.HiddenTears.1
HEUR/AGEN.1029350
MSIL:Filecoder-AC [Trj]
Ransom_CRYPTEAR.SM0
Ransomware-FTD!F213E54C8520
TROJ_GEN.R002C0OEU18
Trojan ( 004de29f1 )
Trojan-Ransom.Win32.Crypren.aekw
Trojan.Encoder.10598
Trojan.Generic.D1D75E2B
Win32.Trojan-Ransom.Filecoder.P@gen
a variant of MSIL/Filecoder.AK
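
A triage sketch built on the indicators described above, added here as an example and not taken from the original write-up or from any vendor tool: it walks a directory tree, lists files carrying the '[decode77@sfletter.com].boris' suffix together with their original names, and flags 'README.txt' notes that contain the contact address as well as any 'svhost.exe' stored under AppData. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the write-up above.
SUFFIX = "[decode77@sfletter.com].boris"
NOTE_NAME = "readme.txt"
NOTE_MARKER = "decode77@sfletter.com"
MASQUERADE_NAME = "svhost.exe"

def scan(root):
    """Walk root and return files matching the Boris HT indicators."""
    report = {"encrypted": [], "notes": [], "masquerade": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.endswith(SUFFIX) and len(name) > len(SUFFIX):
                # The original name is everything before the appended suffix.
                report["encrypted"].append((str(path), name[: -len(SUFFIX)]))
            elif name.lower() == NOTE_NAME:
                try:
                    text = path.read_text(errors="replace")
                except OSError:
                    continue  # unreadable file: skip instead of aborting triage
                if NOTE_MARKER in text:  # ignore unrelated README.txt files
                    report["notes"].append(str(path))
            elif name.lower() == MASQUERADE_NAME and "appdata" in (
                    part.lower() for part in path.parts):
                # The write-up says the Trojan may run from AppData.
                report["masquerade"].append(str(path))
    return report

def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, no real malware."""
    root = Path(root)
    for sub in ("Pictures", "Desktop", "AppData/Roaming"):
        (root / sub).mkdir(parents=True)
    (root / "Pictures" / ("Kamacite Mineral.jpeg" + SUFFIX)).write_bytes(b"")
    (root / "Pictures" / "untouched.png").write_bytes(b"")
    (root / "Desktop" / "README.txt").write_text(
        "Your files are encrypted! If you want to restore data email "
        "decode77@sfletter.com:\n")
    (root / "AppData" / "Roaming" / MASQUERADE_NAME).write_bytes(b"")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, hits in scan(build_sample_tree(tmp)).items():
            print(kind, hits)
```

The recovered original names are useful for matching encrypted files against backups before restoring.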