ExpBoot Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 4
First Seen: December 27, 2012
Last Seen: July 26, 2019
OS(es) Affected: Windows
With the growing popularity of ransomware threats, there are all sorts of cybercriminals trying their luck in creating various variants of this malware. Some of the cybercrooks are highly skilled and very capable, while others, not so much. Today we will be dealing with the latter when discussing the newly emerged ExpBoot Ransomware.
Compromising Your System
It is not clear what precise method is used to propagate the ExpBoot Ransomware. Some malware researchers have speculated that its authors may have relied on the infection vectors most commonly used to spread ransomware threats: faux software updates, corrupted pirated applications downloaded from unverified sources, and spam emails containing infected attachments. Normally, when a ransomware threat compromises a PC, it triggers a scan, which is then followed by encryption of the targeted data. The ExpBoot Ransomware does not do this, because it is not capable of encrypting any files. Instead of applying an encryption algorithm to lock the data on the system, the ExpBoot Ransomware just renames the extension of the files to make it seem like they have undergone an encryption process when in fact no such thing has taken place. More tech-savvy users may recognize this and realize that simply erasing the added extension reverses the ‘damage’ and makes their data fully usable again.
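The Python script below is an added illustration, not part of the original analysis. It confirms that renamed files still hold unencrypted content before it strips the appended extension. `APPENDED_EXT` is a placeholder because the page does not name the extension, and the header list and entropy threshold are assumptions.

```python
import math
import os
from collections import Counter

# Placeholder: the page does not name the extension ExpBoot appends.
APPENDED_EXT = ".EXAMPLE_EXT"

# Leading bytes of PDF, ZIP/Office, PNG and JPEG files (assumed sample set).
MAGIC = (b"%PDF", b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_intact(path, sample=65536, threshold=7.5):
    """True if the file keeps a known header or its entropy is below threshold."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if head.startswith(MAGIC):  # compressed formats are high-entropy but valid
        return True
    return shannon_entropy(head) < threshold

def restore_tree(root, ext=APPENDED_EXT, dry_run=True):
    """Strip `ext` from intact files under root. Returns (restored, skipped)."""
    restored, skipped = [], []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.endswith(ext):
                continue
            src = os.path.join(dirpath, name)
            dst = src[: -len(ext)]
            # Never overwrite an existing file; leave random-looking data alone.
            if os.path.exists(dst) or not looks_intact(src):
                skipped.append(src)
                continue
            if not dry_run:
                os.rename(src, dst)
            restored.append(dst)
    return sorted(restored), sorted(skipped)
```

Run it with `dry_run=True` first and review the skipped list: a file that looks random and has no recognizable header may have been touched by something other than a rename.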
The Ransom Note
The ExpBoot Ransomware will present the user with a pink pop-up system window, which states ‘Your Files Are All Encrypted!’ but as we already mentioned, this is not the case. The ransom message of the ExpBoot Ransomware reads:
‘Q: What is wrong with my file?
A: Oops, your important files are encrypted. This means you will no longer be able to access them until you decrypt them.
If you follow our instructions, we guarantee that you can decrypt all files quickly and safely!
Q: What should I do?
A: First of all, you need to pay a service fee for decryption, a total of 10,000 batteries.
Please charge 10,000 batteries to this user (UID: 185636167)
Follow the instructions! (You may need to temporarily disable anti-virus software.)
After opening the link, click the charging button on the right to charge 10,000 batteries and leave a message for your contact. (only for your email)
Q: How can I believe it?
A: Don't worry about decryption.
We will definitely decrypt your files, because if we deceive users, no one will trust us.’
These so-called batteries are an on-site currency used on the Chinese website Bilibili. It seems that the authors of the ExpBoot Ransomware require the victim to create an account on that website and buy 10,000 batteries with real money. The victim is then likely meant to transfer them to the attackers' account.
Since this ransomware threat does not encrypt any data, there is no reason even to entertain the idea of paying the ransom fee demanded. Instead, you should download and install a reputable anti-malware application because next time you may happen upon a much more harmful threat, which will not be as easy to deal with as the ExpBoot Ransomware.
File System Details
# | File Name | MD5 | Detections |
---|---|---|---|
1. | file.exe | 92e2dbc6f65417ffb5119d848726f8d3 | 2 |