Boris Ransomware Removal Guide

Do you know what Boris Ransomware is?

Boris Ransomware, also called Boris HT Ransomware, is a malicious application known to be able to encrypt a victim’s files with a strong cryptosystem. Our computer security specialists think it might have been created by Russian cybercriminals, since the ransom note it drops on the Desktop contains instructions written in Russian. Research also shows the malware’s code is extremely similar to that of an open-source ransomware application called Hidden Tear, which means the malicious application was probably based on it. If you want to know more about this threat, we encourage you to keep reading. However, if you came here just to learn how to get rid of Boris Ransomware, you can scroll below the main text and follow the provided removal guide.

To begin with, we are not entirely sure the malware is being distributed yet or that it is spread widely. Our computer security specialists noticed the malicious application connects to a server called testdecode77.000webhostapp.com/write.php?info, which suggests Boris Ransomware might still be in development. If it has been distributed, or if it is spread in the future, we think its creators might attack their victims by sending them infected email attachments. It is a somewhat popular method because less careful users launch such threats without realizing it. It is also entirely possible the malware could enter the system by exploiting its vulnerabilities or through infected software installers. Thus, to keep the computer safe, we recommend staying away from suspicious email attachments and possibly harmful web pages.

Another thing we learned about Boris Ransomware is that it should target the user’s personal files, and after encrypting them it may append the .[decode77@sfletter.com].boris extension, for example, vacation_photos.zip.[decode77@sfletter.com].boris or introduction.pdf.[decode77@sfletter.com].boris. The last thing it does is drop a text document titled README.txt on the user’s Desktop. It contains a message written in Russian, which says users who want to decrypt their files should contact the malware’s developers via the provided email. Even though Boris Ransomware’s ransom note does not ask for a ransom, we have no doubt the user will be asked to pay once he contacts the threat’s creators. We think so because such threats are generally designed for money extortion, and that is why most cybercriminals create ransomware. We do not recommend dealing with the hackers, because you might get scammed and any money you pay could be lost for no reason.

Users who do not want to risk their money should erase Boris Ransomware without hesitation. The removal guide below is here to help you get rid of the malicious application manually. Still, if the task looks too complicated for you to handle, you could employ a reputable antimalware tool instead. Lastly, users who want to ask more about this malware can leave us a message at the end of the article.

Erase Boris Ransomware

  1. Press Ctrl+Alt+Delete simultaneously.
  2. Pick Task Manager.
  3. Take a look at the Processes tab.
  4. Locate a process belonging to this malicious program.
  5. Select this process and press the End Task button.
  6. Press Windows Key+E.
  7. Navigate to the suggested paths:
    %TEMP%
    %USERPROFILE%\Desktop
    %USERPROFILE%\Downloads
  8. Find a file that was opened when the system got infected, right-click the malicious file and select Delete.
  9. Look for a file titled README.txt, right-click it and select Delete.
  10. Leave File Explorer.
  11. Empty the Recycle Bin.
  12. Restart the computer.
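
Before deleting anything, it helps to record what the infection touched. The PowerShell script below is an added example, not part of the original guide: it lists files carrying the extension quoted above, checks for the README.txt note on the Desktop, and shows files created in the step 7 folders shortly before encryption began. The profile search root, the 24-hour window, and treating each encrypted file's last-write time as its encryption time are assumptions.

```powershell
# Added example: read-only inventory; nothing is deleted or modified.
# The suffix is compared as a literal string because [ and ] are wildcard
# characters in PowerShell's -Path and -Include parameters.
$Suffix = '.[decode77@sfletter.com].boris'   # extension quoted in the article

function Get-BorisEncryptedFile {
    param([Parameter(Mandatory)][string[]]$Root)
    foreach ($dir in $Root) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name.EndsWith($Suffix, [StringComparison]::OrdinalIgnoreCase) } |
            ForEach-Object {
                [pscustomobject]@{
                    OriginalName  = $_.Name.Substring(0, $_.Name.Length - $Suffix.Length)
                    Modified      = $_.LastWriteTime
                    EncryptedPath = $_.FullName
                }
            }
    }
}

# Assumption: the user profile is the search root; add other drives as needed.
$hits = @(Get-BorisEncryptedFile -Root $env:USERPROFILE | Sort-Object Modified)
"{0} file(s) carry the {1} extension" -f $hits.Count, $Suffix
$hits | Format-Table -AutoSize | Out-String

# Ransom note: README.txt on the Desktop, as described in the article.
$desktop = [Environment]::GetFolderPath('Desktop')
$note = Join-Path $desktop 'README.txt'
if (Test-Path -LiteralPath $note) {
    Get-Item -LiteralPath $note | Format-List FullName, Length, LastWriteTime | Out-String
}

# Candidates for step 8: files created in the folders from step 7 during the
# 24 hours before the first encrypted file was written (the window is an assumption).
if ($hits.Count -gt 0) {
    $first = $hits[0].Modified
    $folders = $env:TEMP, $desktop, (Join-Path $env:USERPROFILE 'Downloads')
    Get-ChildItem -LiteralPath $folders -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.CreationTime -ge $first.AddHours(-24) -and $_.CreationTime -le $first -and
            -not $_.Name.EndsWith($Suffix, [StringComparison]::OrdinalIgnoreCase)
        } |
        Sort-Object CreationTime |
        Format-Table CreationTime, Length, FullName -AutoSize | Out-String
}
```

Save the output somewhere off the affected machine; the list of original names shows which files need to be restored from backup.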

In non-techie terms:

Boris Ransomware is a malicious file-encrypting program that may do a lot of damage to those who do not have backup copies of their most important files. As you see, the threat is programmed to encrypt victims’ photos, archives, documents, and other precious records with a secure encryption algorithm. Consequently, the affected files become unreadable, and users with no backup might lose such data forever. The malicious application’s developers could suggest using their decryption tools or services, but even if they do not mention payment in their ransom note, we believe they would demand it once the user makes contact. Unfortunately, there is no knowing what the cybercriminals might do. Nonetheless, as we have heard about situations where users end up being scammed and lose their money in vain, we advise against paying the ransom. If you do not think it is a smart option either, we encourage you to erase this malware by following the removal guide above or by employing a reputable antimalware tool of your choice.