Booyah Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 276
First Seen: April 25, 2016
Last Seen: June 23, 2022
OS(es) Affected: Windows

The Booyah Ransomware is a ransomware Trojan that was discovered in April of 2016. The Booyah Ransomware is associated with an executable file named 'Booyah.exe' that is dropped on the victim's computer. The Booyah Ransomware is installed as an application by an installer built with the Nullsoft Scriptable Install System and uses an included DLL file to carry out the encryption of the victim's files. The purpose of the Booyah Ransomware attack is to encrypt the victim's files and then demand the payment of a fee from the computer user. Because of this, PC security researchers strongly recommend that computer users back up their files on an external memory device or the cloud and protect their computers with a reliable anti-malware program that is fully up to date.

The Booyah Ransomware's Encryption Process and Attack

When the Booyah Ransomware infects a computer, it encrypts the victim's files. The Booyah Ransomware then delivers a ransom note in the form of a text file dropped in the directories where files were encrypted. This file, named 'WHATHAPPENDTOYOURFILES.TXT', contains the following:

Your ID: 758275
* * *
Hi. Your files are now encrypted. I have the key to decrypt them back.
I will give you a decrypter if you pay me. If you pay me today, the price is only 1 bitcoin.
If you pay me tomorrow, you will have to pay 2 bitcoins. If you pay me one week later the price
will be 7 bitcoins and so on. So, hurry up.

The ID number included in the message is the same for all victims of the Booyah Ransomware. The CRYPTOSO.KEY file, which is dropped on the victim's computer, probably contains the decryption key, encrypted using an additional encryption algorithm. The Booyah Ransomware also drops a text file with a full list of the files that it has encrypted.
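The file names above are enough to triage a disk or a file share after an incident. The following Python sketch is an added example, not code from the original article or from any vendor tool; the marker phrase is quoted from the note, while the function names, the report layout and the handling of the note's encoding are assumptions.

```python
import os
import tempfile

# File names from the article; compared case-insensitively, as Windows does.
NOTE_NAME = "whathappendtoyourfiles.txt"
OTHER = {"cryptoso.key": "key_files", "booyah.exe": "executables"}
# Phrase quoted from the ransom note, used to confirm a file-name match.
NOTE_MARKER = b"your files are now encrypted"

def note_matches(path, limit=4096):
    """True if the start of the file contains the ransom note's wording."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(limit)
    except OSError:
        return False  # unreadable: report it as unconfirmed
    # Assumption: encoding is not stated, so NULs are dropped to match UTF-16 too.
    return NOTE_MARKER in head.replace(b"\x00", b"").lower()

def scan(root):
    """Walk root; a confirmed note marks a directory whose files were encrypted."""
    report = {"encrypted_dirs": [], "unconfirmed_notes": [],
              "key_files": [], "executables": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full, lower = os.path.join(dirpath, name), name.lower()
            if lower == NOTE_NAME and note_matches(full):
                report["encrypted_dirs"].append(dirpath)
            elif lower == NOTE_NAME:
                report["unconfirmed_notes"].append(full)
            elif lower in OTHER:
                report[OTHER[lower]].append(full)
    return report

def demo():
    """Scan a constructed tree: one genuine-looking note and one decoy."""
    samples = {  # constructed sample files, not real artifacts
        "Docs/WHATHAPPENDTOYOURFILES.TXT": b"Hi. Your files are now encrypted.",
        "Pics/whathappendtoyourfiles.txt": b"shopping list",
        "Docs/CRYPTOSO.KEY": b"\x00" * 16,
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        found = scan(root)
        return {k: [os.path.relpath(p, root) for p in v] for k, v in found.items()}
```

The directories listed under `encrypted_dirs` are the ones to restore from backup; a name-only match under `unconfirmed_notes` deserves a manual look before it is counted.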

How the Booyah Ransomware May Enter a Computer and Carry Out Its Attack

The main method of distribution of the Booyah Ransomware is through corrupted email attachments, which may contain elements of social engineering or known tactics to trick inexperienced users into downloading and opening the attached file. PC security researchers suspect that the Booyah Ransomware exploits macros in Microsoft Office or may be distributed using harmful PDF files. Once the corrupted file is opened, the Booyah Ransomware enters the victim's computer and encrypts the victim's files. The Booyah Ransomware targets a wide variety of file types such as documents, images and media files.

Files that have been encrypted using the Booyah Ransomware cannot be decrypted without the corresponding decryption key. Even so, PC security researchers strongly advise against paying the Booyah Ransomware's ransom amount. The con artists' promise to provide the decryption key after payment cannot be relied on. Instead, computer users should take the following steps to prevent the Booyah Ransomware attacks and to avoid becoming vulnerable to similar encryption ransomware Trojans:

  1. Back up all of your files to an external device or the cloud. The Booyah Ransomware and similar attacks will not be effective if you can simply wipe your hard drive and restore the encrypted files from a remote location. Backing up all files will cost a fraction of what the ransom amount is.
  2. Use a reliable security program that is fully up to date to prevent threats from entering your computer. A reliable anti-spam filter will prevent email messages associated with the Booyah Ransomware from landing in your Inbox in the first place.
  3. Never open unsolicited email attachments or messages, even if they appear to come from a reliable source.