Search Results
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Borishorse appends .borishorse* (note the literal asterisk at the end of every extension). Renaming Convention: Original names are left intact, but the primary extension is replaced and the suffix .borishorse* is quietly added—for example Proposal_Q3.xlsx → Proposal_Q3.xlsx.borishorse*. Some observed samples also duplicate the…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .borishorse Every encrypted file is suffixed with the literal string “.borishorse”, appended directly to the original file’s full name (e.g., Document.docx.borishorse). Renaming Convention: The malware renames files in place; no random hex strings, victim IDs, or attacker email addresses are prepended—only the final…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: boris appends the literal suffix “.boris” to each encrypted file. For example: Workbook.xlsx → Workbook.xlsx.boris Annual_Report.pdf → Annual_Report.pdf.boris Renaming Convention: – Preserves the original filename and second-to-last extension (important when the file already has a multi-dot extension). – Adds only one extra extension;…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: BORAMAE Renaming Convention: The ransomware uses a predictable suffix-style change: OriginalName.ext → OriginalName.ext.BORAMAE Some samples have been observed leaving filenames exactly as-is but creating an accompanying README.boramae.txt ransom note in every encrypted directory instead of altering the original name. Double-check: Always look at…
Bora Ransomware – Technical Breakdown + Recovery Playbook (last updated 2024-06-XX) Technical Breakdown 1. File Extension & Renaming Patterns Confirmation: The correct suffix used by Bora is .bora (lower-case). Renaming Convention: Each encrypted file receives two layers: The base name is replaced with an uppercase 32-character hexadecimal string (e.g., 8A6B…F1B9). Immediately after the string, .bora…
RANSOMWARE RESOURCE – BOPADOR (.bopador) Technical Breakdown 1. File Extension & Renaming Patterns • Confirmation of File Extension: .bopador (lower-case, placed as a secondary extension, not replacing the original). • Renaming Convention: [original_filename].[original_ext].id-[random 8-chars].[attacker_email].bopador Example: Sales_2024.xlsx.id-1A2B3C4D.[[email protected]].bopador Files are NOT renamed in system-critical folders (e.g., C:\Windows) to maintain OS stability and give the illusion that the…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of Extension: The ransomware known as Booyah appends the literal word “.booyah” to every file it encrypts. Renaming Convention: It simply suffixes the ransom extension to each file’s original name without further obfuscation, transforming, for example, QuarterlyReport.xlsx into QuarterlyReport.xlsx.booyah. 2. Detection & Outbreak Timeline Approximate Start…
Technical Breakdown: File Extension & Renaming Patterns • Confirmation of File Extension: “.boot” – appended after the original extension. Example: Report.xlsx ➜ Report.xlsx.boot • Renaming Convention: – File names remain unchanged except the new “.boot” suffix (no email addresses, random IDs, or hexadecimal tags). – All directories receive four readme.txt–style files named: README!.txt (brief…
Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: This strain uses .boost as the final appended extension. Renaming Convention: Files are renamed using the pattern original_name.ext.id-[unique-ID].[email].boost Example: invoice.xls becomes [email protected] 2. Detection & Outbreak Timeline Approximate Start Date: First large-scale sightings appeared on 29 June 2021, with heavy distribution throughout July…
Ransomware Variant Deep-Dive: “.boop” (STOP/DJVU family) Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: Every encrypted file gets the literal suffix .boop appended to its original name. Renaming Convention: OriginalName.ext ➝ OriginalName.ext.boop (with no further pattern changes). Example: Q4-Budget.xlsx becomes Q4-Budget.xlsx.boop. 2. Detection & Outbreak Timeline First Public Sighting: Mid-January 2020…