ExpBoot Ransomware Description
With the growing popularity of ransomware threats, there are all sorts of cybercriminals trying their luck in creating various variants of this malware. Some of the cybercrooks are highly skilled and very capable, while others, not so much. Today we will be dealing with the latter when discussing the newly emerged ExpBoot Ransomware.
Compromising Your System
The precise method used to propagate the ExpBoot Ransomware is not clear. Some malware researchers have speculated that its authors may have relied on the infection vectors most commonly used to spread ransomware threats: faux software updates, corrupted pirated applications downloaded from unverified sources, and spam emails containing infected attachments. Normally, when a ransomware threat compromises a PC, it triggers a scan, which is then followed by encryption of the targeted data. In the case of the ExpBoot Ransomware, however, this does not take place, as this ransomware threat is not capable of encrypting any files. Instead of applying an encryption algorithm to lock the data on the system, the ExpBoot Ransomware just renames the extension of the files to make it seem as though they have undergone an encryption process when in fact no such thing has taken place. The more tech-savvy users may recognize this and realize that simply erasing the added extension reverses the ‘damage’ and makes their data fully usable again.
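Before renaming files back in bulk, it is worth confirming that their contents really are untouched. The following Python sketch is an added example, not code from the original article: it strips an added extension only from files whose header bytes still match their original type. `ADDED_EXT` is a placeholder because the article does not name the extension, and the script assumes the extension is appended to the original file name.

```python
import os
import tempfile

# Placeholder: the article does not name the extension ExpBoot adds.
ADDED_EXT = ".PLACEHOLDER_EXT"
# Leading bytes of a few common formats, keyed by the original extension.
MAGIC = {".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-", ".jpg": b"\xff\xd8\xff"}

def looks_intact(path, original_ext):
    """True/False when the header can be checked, None when the type is unknown."""
    magic = MAGIC.get(original_ext.lower())
    if magic is None:
        return None
    with open(path, "rb") as fh:
        return fh.read(len(magic)) == magic

def restore_renamed(root, added_ext=ADDED_EXT, dry_run=True):
    """Strip added_ext from files under root whose content is verifiably unchanged."""
    report = {"restored": [], "skipped": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(added_ext.lower()):
                continue
            src = os.path.join(dirpath, name)
            dst = src[: -len(added_ext)]
            intact = looks_intact(src, os.path.splitext(dst)[1])
            if intact is not True or os.path.exists(dst):
                # Unknown type, altered header, or name collision: leave for manual review.
                report["skipped"].append(src)
                continue
            if not dry_run:
                os.rename(src, dst)
            report["restored"].append(dst)
    return report

def demo():
    """Constructed sample tree: one intact PNG and one file with an altered header."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "photo.png" + ADDED_EXT), "wb") as fh:
            fh.write(MAGIC[".png"] + b"constructed image data")
        with open(os.path.join(root, "report.pdf" + ADDED_EXT), "wb") as fh:
            fh.write(b"\x00\x01 constructed bytes, not a PDF header")
        result = restore_renamed(root, dry_run=False)
        return sorted(os.listdir(root)), len(result["restored"]), len(result["skipped"])

if __name__ == "__main__":
    print(demo())
```

Run it with `dry_run=True` first to review the report; any file listed under `skipped` did not pass the header check and should be inspected by hand or restored from backup.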
The Ransom Note
The ExpBoot Ransomware will present the user with a pink pop-up system window, which states ‘Your Files Are All Encrypted!’ but as we already mentioned, this is not the case. The ransom message of the ExpBoot Ransomware reads:
‘Q: What is wrong with my file?
A: Oops, your important files are encrypted. This means you will no longer be able to access them until you decrypt them.
If you follow our instructions, we guarantee that you can decrypt all files quickly and safely!
Q: What should I do?
A: First of all, you need to pay a service fee for decryption, a total of 10,000 batteries.
Please charge 10,000 batteries to this user (UID: 185636167)
Follow the instructions! (You may need to temporarily disable anti-virus software.)
After opening the link, click the charging button on the right to charge 10,000 batteries and leave a message for your contact. (only for your email)
Q: How can I believe it?
A: Don't worry about decryption.
We will definitely decrypt your files, because if we deceive users, no one will trust us.’
These so-called batteries are an in-site currency used on the Chinese website Bilibili. It seems that the authors of the ExpBoot Ransomware require the victim to create an account on the aforementioned website and buy 10,000 batteries with real money. Then, they are likely meant to transfer them to the account of the attackers.
Since this ransomware threat does not encrypt any data, there is no reason even to entertain the idea of paying the ransom fee demanded. Instead, you should download and install a reputable anti-malware application because next time you may happen upon a much more harmful threat, which will not be as easy to deal with as the ExpBoot Ransomware.