Boston Ransomware

Malware experts have discovered a new ransomware threat circulating the Web recently. This new file-locking Trojan was dubbed the Boston Ransomware, and when it was further dissected, it became clear that this threat belongs to th STOP Ransomware family.

It is not yet clear how the authors of the Boston Ransomware are propagating their creation exactly. However, experts speculate that pirated software, mass spam email campaigns, and bogus software updates may be at play here. Once the Boston Ransomware infiltrates a host, it starts scanning the system. The reason of this scan is to determine the locations of the files this threat was programmed to target. Then, the Boston Ransomware will start encrypting the data targeted. When the Boston Ransomware locks a file, it applies an extra extension at the end of the file name – ‘.boston.’ For example, a file called ‘soda-can.jpeg’ will be renamed to ‘soda-can.jpeg.boston’ when the encryption process is finished. Once this is done, the files affected will no longer be usable. After this, the Boston Ransomware proceeds the attack by dropping a ransom message. Following the design of almost all ransomware threats, which are variants of the STOP Ransomware, the Boston Ransomware’s ransom note is named ‘_readme.txt.’ The attackers fail to mention what the sum demanded is. They only provide the victim with an email address where they are to be contacted – ‘stoneland@firemail.cc.’

We do not recommend you to contact the creators of this threat. Attempting to negotiate with cyber crooks is pointless as they will always try to trick you into paying them money they do not deserve. Instead, you should look into obtaining a reputable antivirus suite, which would keep threats like the Boston Ransomware at bay.