Bozon Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 2
First Seen: April 18, 2022
OS(es) Affected: Windows
An infection with the Bozon Ransomware can have dire consequences. The threat is capable of affecting numerous file types and leaving them unusable and inaccessible. Like most ransomware operations, the goal of the cybercriminals responsible for spreading Bozon is to extort money from their victims.
Once the threat starts running, it scans the files stored on the system, encrypts them with a strong cryptographic algorithm, and appends '.bozon' as a new extension to their original file names. Afterward, a text file named 'FILE RECOVERY.txt' is created on the system's desktop. The file contains a ransom note with instructions from the threat actors.
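A triage sketch for the indicators on this page (an added example, not EnigmaSoft's or SpyHunter's code): it walks a directory tree, such as a user profile or a mounted disk image, and groups files carrying the '.bozon' extension, 'FILE RECOVERY.txt' notes that name the contact address quoted in the ransom note, and .exe files whose MD5 matches the one listed under File System Details. The function names and the known_md5 parameter are assumptions made for this example.

```python
import hashlib
import os
import sys

# Indicators as given on this page.
ENCRYPTED_EXT = ".bozon"
NOTE_NAME = "file recovery.txt"  # compared case-insensitively
NOTE_CONTACT = "mallox@tutanota.com"
PAGE_MD5 = frozenset({"4a37efca5db6dd9817cdf5adb696bc51"})


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known_md5=PAGE_MD5):
    """Walk root and group files that match the page's indicators."""
    hits = {"encrypted": [], "notes": [], "binaries": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = os.path.join(dirpath, name), name.lower()
            try:
                if lower.endswith(ENCRYPTED_EXT):
                    hits["encrypted"].append(path)
                elif lower == NOTE_NAME:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        # A same-named file without the contact address
                        # is not counted as a Bozon note.
                        if NOTE_CONTACT in fh.read(65536):
                            hits["notes"].append(path)
                elif lower.endswith(".exe") and md5_of(path) in known_md5:
                    hits["binaries"].append(path)
            except OSError:
                hits["unreadable"].append(path)
    return hits


if __name__ == "__main__":
    # Usage: python triage.py <directory to scan>
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for kind, paths in result.items():
        print(f"{kind}: {len(paths)}")
        for p in paths:
            print("  " + p)
```

The count of encrypted files against the total file count gives a quick measure of how far encryption progressed before the host was isolated.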
Ransom Note’s Details
The ransom note left by the Bozon Ransomware doesn't reveal the exact amount of money that the attackers want to receive. Apparently, the ransom will be determined on an individual basis after the victims have contacted the hackers. The note provides only the email address 'mallox@tutanota.com' as a communication channel. Affected users are instructed that their initial email must contain the ID string found in the note. According to the note, the cybercriminals will decrypt a couple of files for free as a demonstration of their ability to restore all locked data. The chosen files, however, must not contain valuable information.
The full text of the message left by Bozon Ransomware is:
'Your files are encrypted!
Your personal ID:
To decrypt, follow the instructions below.
To recover data you need decrypt tool.
To get the decrypt tool you should:
Send 1 crypted test image or text file or document to mallox@tutanota.com
In the letter include your personal ID (look at the beginning of this document). Send me this ID in your first email to me.
We will give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files.
After we send you instruction how to pay for decrypt tool and after payment you will receive a decrypt tool and instructions how to use it.
We can decrypt few files in quality the evidence that we have the decoder.'
File System Details
# | File Name | MD5 | Detections
---|---|---|---
1. | file.exe | 4a37efca5db6dd9817cdf5adb696bc51 | 2

Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.