
BoY Ransomware

The BoY Ransomware is a threatening program that encrypts data on compromised devices and demands payment for its recovery. It appends a '.BoY' extension to the name of each encrypted file, so a file named '1.jpg' becomes '1.jpg.BoY'. The ransomware then displays a pop-up window and creates a text document called 'HOW TO DECRYPT FILES.txt', which contains the same ransom message. The BoY Ransomware belongs to the Xorist Ransomware family.

The Demands of the BoY Ransomware

Victims of the BoY ransomware are presented with a message that their files have been encrypted. The cybercriminals claim that victims must purchase decryption keys from them to recover the locked data. The cost of these tools is 0.06 BTC, which is equivalent to around $1,300. Unfortunately, there is no guarantee that paying the ransom will result in successful data recovery, so it is not recommended to do so. To prevent further encryption of files, the ransomware must be removed from the system; however, this does not restore the already affected data. The only way to recover it is through a backup stored elsewhere. It is important to keep backups in multiple locations for maximum security.
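Because recovery depends on backups, responders first need an inventory of what was hit. The following is an added example, not code from the original write-up: it walks a directory tree, finds files carrying the '.BoY' extension and copies of 'HOW TO DECRYPT FILES.txt', and maps each encrypted file to the original name to restore from backup. The function names, the case-insensitive matching and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

EXT = ".boy"                          # appended extension, per the write-up
NOTE = "how to decrypt files.txt"     # ransom note file name, per the write-up


def triage(root):
    """Walk root; return (restore_map, note_paths).

    restore_map maps each encrypted file to the original name to pull from backup.
    """
    restore, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            lower = name.lower()      # assumption: match case-insensitively (Windows)
            if lower == NOTE:
                notes.append(full)
            elif lower.endswith(EXT) and len(name) > len(EXT):
                restore[full] = full.with_name(name[: -len(EXT)])
    return restore, notes


def summarize(root):
    """Per-directory counts, so responders can see how far encryption spread."""
    restore, notes = triage(root)
    counts = {}
    for enc in restore:
        counts[enc.parent] = counts.get(enc.parent, 0) + 1
    return {"encrypted": len(restore), "notes": len(notes), "by_dir": counts}


def build_sample(root):
    """Constructed sample tree for demonstration only."""
    root = Path(root)
    (root / "docs").mkdir()
    for rel in ["1.jpg.BoY", "docs/report.docx.BoY", "docs/untouched.txt",
                "HOW TO DECRYPT FILES.txt"]:
        (root / rel).write_bytes(b"x")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        restore, notes = triage(tmp)
        for enc, orig in sorted(restore.items()):
            print(f"{enc.name} -> restore {orig.name}")
        print(summarize(tmp))
```

The script only reads directory listings; it does not modify or delete anything, so it can be run against a mounted image of the affected disk.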

Typical Distribution Channels for Threats Like the BoY Ransomware

Email-borne attacks remain one of the top methods for delivering ransomware payloads into a system or network. Cybercriminals often use email spoofing techniques or advanced tools to deliver malicious emails that contain links, attachments or other embedded content designed to compromise vulnerable systems. The best way to defend against these attacks is by implementing strict email filtering policies and educating employees on the dangers posed by phishing campaigns.

Threat actors may also employ automated exploit kits as an effective method for infiltrating vulnerable computers. These kits are usually purchased anonymously on Dark Net marketplaces and can then be used against thousands of potential victims simultaneously without requiring any special technical knowledge from the attacker. Companies should always ensure that all software used within their environment is regularly patched against known vulnerabilities to minimize the risks associated with exploit kits.

The full text of the BoY Ransomware's ransom note is:

'ATTENTION!!!

All your files have been encrypted!
Files can only be decrypted with the keys that have been generated for your PC!
The amount you have to pay to get the keys is 0.06 Bitcoin
We do not accept another payment method!

This is where you need to send bitcoin:
bc1q6x4kev9pefay37uctaq9ggqmxrg7a6txn2tanf

After sending, contact us at this email address: boyka@tuta.io
With this subject: -

Use the sites below to quickly buy bitcoin
www.localbitcoins.com
www.paxful.com

Another list of sites can be found here:
hxxps://bitcoin.org/en/exchanges

After confirming the payment, you will receive a tutorial and the keys for decrypting the files.'
