Boris HT Ransomware
The Boris HT Ransomware is a file-locking Trojan from the Hidden Tear family and uses the AES encryption for keeping you from opening documents, pictures and other media. It adds a unique extension and e-mail address to the names of the files that it locks and also creates Readme text files with its ransoming demands. Ignore the threat actor's recommended solution, restore your work with free software or a backup, and have an appropriate anti-malware product uninstall the Boris HT Ransomware.
Hidden Tear Gets Another Name to Be Known By
Threat actors are circulating another version of Hidden Tear, which, unlike the 'for demonstration purposes' samples of the equally-new the CryptoGod Ransomware, is in active deployment for extorting money from random victims. This version of the HT family, the Boris HT Ransomware, uses a simple Notepad message that offloads most of its extortion negotiations to the threat actor's e-mail. Until then, the user's media files remain in non-opening states, thanks to the Trojan's encryption feature.
Like old versions of Hidden Tear, such as the 8lock8 Ransomware or the Hidden-Peach Ransomware, as well as 2018-dated ones like the Sorry HT Ransomware or the Ultimo Ransomware, the Boris HT Ransomware uses a Rijndael or AES-based encryption attack that targets files according to their locations and formats. Malware experts recommend backing up the data types that are at high risk of being locked: documents, Microsoft Office-related work, archives, pictures, movies and music. The Boris HT Ransomware denotes each file that it encrypts with a '.boris' extension and a bracket-enclosed e-mail address.
The e-mail is part of the Boris HT Ransomware's ransoming instructions, which it supports with a terse Notepad file that no additional information, besides a hex string for the user's identification. Usually, criminals, once contacted, will demand a voucher or cryptocurrency-based ransom for the decryption service, and may withhold it after receiving their money. Free decryption programs for the Boris HT Ransomware's family are downloadable for the public at large but require further verification for their compatibility with this version of Hidden Tear.
The Piece of Windows that's Out to Get You
File data that malware experts see in many versions of the Boris HT Ransomware's executables include attempts to misrepresent the Trojan as being a native Windows component, although the name has a minor typo ('svhost' instead of the legitimate 'svchost'). Other credentials pretend that the Boris HT Ransomware is a file endorsed by Adobe, a company noted for its document reader software. Downloads from unsafe resources, such as unverified websites or torrent networks, are frequent sources of infection by file-locking Trojans and other threats.
While it may have increased social engineering tactics in its installation method, the Boris HT Ransomware has no extra features for avoiding detection by AV software. Malware experts are confirming that this Trojan is just as identifiable by appropriate security products as the majority of its family members. PCs protected by such programs should delete the Boris HT Ransomware before it encrypts any files.
Until a decryption solution is verifiable for the Boris HT Ransomware's attacks, a backup and following standard security recommendations are the only defenses that can keep your files out of being bargaining chips for extortion. Since Hidden Tear's source code is available to the world at large, it can pay in dividends to keep your files somewhere that you know a Trojan can't reach.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.