Search Results

  • boza

    Technical Break-down: Boza Ransomware 1. File Extension & Renaming Patterns Confirmation of File Extension: The malware appends the “.boza” extension to every encrypted file. Renaming Convention: <original_name>.<original_extension>.id-<8-to-10-digit-VICTIM-ID>.[<attacker_email>].boza Example: Annual_Budget.xlsx.id-92417835.[[email protected]].boza 2. Detection & Outbreak Timeline Approximate Start Date/Period: Public campaigns observed from July 2021 onward, with peak activity in August – September 2021. Older samples trace…

  • boy

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Files encrypted by this strain are appended with .boy (lower-case, no additional dots, and placed after the original extension—e.g., 2024_budget.xlsx.boy). Renaming Convention: The ransomware preserves the original file name and original extension, then simply appends .boy. Folders receive a ransom note named _readme.txt;…

  • bowd

    Ransomware Dossier – “Bowd” (file-extension “.bowd”) Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .bowd Renaming Convention: Each encrypted file is renamed using the scheme: <original_filename>.<original_extension>.bowd Example: Project_Draft.docx → Project_Draft.docx.bowd 2. Detection & Outbreak Timeline Approximate Start Date/Period: First samples telemetry-collected in early April 2024. Rapid propagation waves observed during late…

  • boty

    RANSOMWARE BRIEF – “.boty” Files (Compiled 2024-06-XX – v1.0) Technical Breakdown File Extension & Renaming Patterns • Confirmation: Every encrypted file is appended “.boty”. Example: Project-Q3.xlsx → Project-Q3.xlsx.boty • Renaming Convention: Files keep everything that existed in the original filename (path, spaces, any existing extension) and simply tack .boty at the end. No…

  • bot!

    Ransomware Knowledge Base: bot! Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: The malware appends the literal double-lowercase suffix “.bot!” (including the exclamation mark) to every encrypted file. Example: Project-Final.docx → Project-Final.docx.bot! Renaming Convention: Keeps the original file name and the original file-type extension in the clear (so the victim can…

  • bot

    Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: Files are appended with the extension .bot. Example: Report_2024_Q1.xlsx ➝ Report_2024_Q1.xlsx.bot Renaming Convention: No case mixing—the extension is always lowercase “.bot” Original filenames and folder structure are preserved; the attacker simply appends the extension to each encrypted object. In some early variants the…

  • boston

    Technical Breakdown – BOSTON Ransomware 1. File Extension & Renaming Patterns Confirmation of File Extension: .boston (always in lower-case, appended once). Renaming Convention: Files keep their original base name and any preceding extensions, then a 40-character hexadecimal string is attached, followed by .boston. Example: Q2_Financial.xlsx → Q2_Financial.xlsx.64a5972f7f7e85c3e9ac1b9d3c6e4e55f2c8e3b2.boston 2. Detection & Outbreak Timeline First sightings:…

  • boruta

    Technical Breakdown: Boruta Ransomware 1. File Extension & Renaming Patterns Confirmation of File Extension: Encrypted files receive the fixed extension .boruta. Renaming Convention: original_filename.ext.[victim_ID].boruta – The victim_ID is a 6-character alphanumeric string generated from the system’s serial number or volume GUID. – Example: 2023_Budget.xlsx.A1B2C3.boruta 2. Detection & Outbreak Timeline Approximate Start Date/Period: First large-scale telemetry…

  • boroff

    Technical Breakdown: BOROFF Ransomware 1. File Extension & Renaming Patterns Confirmation of File Extension: .boroff Renaming Convention: Files are renamed in two distinct layers: Original name → <original_name>ID-<8-hex-char_unique_ID>.boroff (e.g., Document.docx becomes Document.docxID-1a3c5f7c.boroff) If the variant is the affiliate “Blitz” build (observed July 2024+) the ID is prepended instead: ID-<8-hex-char_unique_ID>.boroff followed by 0x19 nulls, erasing the…

  • borishorse…

    BORIS/HORSE RANSOMWARE – FULL PROFILE & RECOVERY GUIDE (Community-use source compiled 2024-08-25, last major update 2024-08-25) TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Confirmation: All encrypted files are appended with the triple dotted extension .borishorse… (three full-width ellipsis “…” after the base word “borishorse” – Unicode-cased variants were seen: “borisHorse…”/“BorisHorse…” on macOS victims).…