Ransomware Profile – EXTENSION “.boooom” Technical Breakdown 1. File Extension & Renaming Patterns • Confirmation of File Extension: – All encrypted files receive an additional suffix “.boooom”. – The second period is required; e.g. Document.pdf → Document.pdf.boooom. • Renaming Convention (variant-dependent): – Non-DP mode: The original file name is kept, only “.boooom” is appended. –…

BOOOAMCRYPT Ransomware Analysis & Recovery Playbook (Version 1.0 – compiled by the community, last updated: June 2024) Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .boooamcrypt (often in lower-case; very early samples used .BOOOAMCRYPT on FAT32 volumes) Renaming Convention: [original_name].[original_extension].id-[0-20_HEX_CHARS].email-[attacker_email]@protonmail.com.boooamcrypt Example: QuarterlyReport.xlsx.id-5F7A1E3D.email_crackmylock@protonmail.com.boooamcrypt After encryption, desktop wallpapers and boooam_README!! ransom notes are…

Boooam@cock_li Ransomware Deep-Dive A community-oriented technical summary & remediation guide Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .boooam Renaming Convention: Victim files are renamed with the original filename + 8 random hex characters + .boooam. Example: Quarterly_Financial_Q3.xlsx → Quarterly_Financial_Q3.xlsx.f57d2a3b.boooam 2. Detection & Outbreak Timeline First clusters reported: late-May 2023 on…

boombye Ransomware – Technical Analysis & Recovery Playbook Contributor: Federico “Sinistra” Aruta – 7th May 2024 Technical Breakdown 1. File Extension & Renaming Patterns Confirmed Extension: .boombye Renaming Convention: The malware renames files in the following structure: <original_filename>.<8-random-lowercase-hex-chars>.boombye Example: Q1_Results.xlsx becomes Q1_Results.xlsx.e8fa92c1.boombye Executables are also appended with .boombye.exe and keep their original icons to increase…

Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware appends “.boom” in lower-case to every encrypted file. If “report.xlsx” were targeted, it becomes “report.xlsx.boom”. Renaming Convention: No change occurs to the original name or internal folder structure—only the final “.boom” tail is added. This “append-one-time” behavior makes quick triage scripts…

Technical Breakdown: Booknish Ransomware 1. File Extension & Renaming Patterns Confirmation of File Extension: Encrypted files receive the fixed extension .booknish appended to the original filename, separated only by the final dot of the original extension (e.g., report.xlsx.booknish). Renaming Convention: The malware preserves the original name, extension, and directory structure; only the trailing .booknish is…

Below is a single-source intelligence brief for the booa file-extension ransomware. All times/dates are in UTC unless stated otherwise. ──────────────────────────────────────── TECHNICAL BREAKDOWN ──────────────────────────────────────── File Extension & Renaming Patterns • Extortion Token → Each encrypted file is appended “.booa” (e.g., report.xlsx → report.xlsx.booa). • Naming Convention → Original file name is fully preserved—there is no double…

Technical Breakdown File Extension & Renaming Patterns • Confirmation of File Extension  The strain self-identifies as “.bonum”. Each file that has been encrypted ends in “.bonum”. • Renaming Convention  original-file-name.ext.[unique-ID].bonum   unique-ID = 8 hexadecimal characters (e.g., “A3F9B2E8”) generated at runtime.  Example: QuarterlyReport.xlsx.A3F9B2E8.bonum Detection & Outbreak Timeline • First public submissions to malware-sharing repositories occurred around…

Ransomware Resource Sheet Variant: .bonsoir Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Always .bonsoir (note: the token appears after the original file extension, not in place of it). Example: Annual Report 2024.xlsx.bonsoir Renaming Convention: Concatenative. No filename scrambling; only the suffix is appended. Directory names remain untouched, making it easy…

Bondy Ransomware Deep-Dive Report Version: 2024-05a – last updated by the Incident Response Alliance (File-extension observed in the wild: .bondy) Technical Breakdown 1. File Extension & Renaming Patterns Exact file extension appended: .bondy Renaming convention: Original file Document.xlsx → Document.xlsx.bondy (no obfuscation). If run with the “/rename” switch observed in the most recent affiliate build,…