BOK Ransomware

Posted: June 29, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 1,237
First Seen: June 29, 2017
Last Seen: June 3, 2022
OS(es) Affected: Windows

The BOK Ransomware is a file-locking Trojan that uses encryption to block your media until you pay for the decryptor. Besides being unable to open files such as documents, victims may also experience hijacked wallpapers, unusual filename edits (such as new extensions at the end) or issues with running other programs. Use anti-malware programs to protect your PC and delete the BOK Ransomware, and keep backups so that any data loss is only temporary.

Misdeed for the Bargain Price of Ten Percent

Ransomware-as-a-Service, or RaaS, isn't the only kind of encryption-based attack taking place in 2017, but it accounts for a large section of the threat black market. Victims may soon find themselves at the wrong end of another RaaS family's boom with the BOK Ransomware, which offers its services to independent threat actors at bargain prices. The new Trojan imitates the symptoms of the '.locky File Extension' Ransomware while blocking your data and demanding money for it.

The BOK Ransomware locks local files with what malware researchers estimate is an AES-based encryption routine, although the Trojan itself claims to combine the AES and RSA algorithms for a secure, two-part enciphering process. Content at risk includes text documents, photos and pictures, spreadsheets, compressed archives, Web pages and other media. Over a hundred formats are compatible with this feature. The BOK Ransomware may also add new extensions or other additions to the names of the files it locks, depending on the variables set by its administrator.

After its core attack succeeds, the BOK Ransomware uploads the key for unlocking your files to its Command & Control server and loads an image file that locks the screen with a ransom message. The message is formatted identically to that of some versions of the '.locky File Extension' Ransomware and asks you to use a TOR Web browser to reach the Trojan's payment website. The BOK Ransomware's original authors take ten percent of this fee, with the rest going to the threat actors distributing it.

Cutting out Your Contribution to Undeserved Profit Percentages

While the BOK Ransomware isn't the most polished or sophisticated of the RaaS threats, it arguably makes up for its simplicity with ease of use and affordability. Unless threat actors opt to pay several thousand USD for the source code, the BOK Ransomware requires little upfront investment and operates primarily on an automatic ransom-splitting basis. While the BOK Ransomware's authors claim that the decryption feature triggers automatically upon payment, malware experts can't verify the statement and recommend recovering media from backups instead, if possible.

Parties 'renting' the BOK Ransomware may generate minor variations of the threat with an easy-to-use builder UI and then circulate them in whatever fashion they see fit. Some infection vectors of noteworthy prominence this year include the RIG Exploit Kit, corrupted e-mail attachments, and brute-force attacks for breaking insecure login credentials. Although your anti-malware programs can remove the BOK Ransomware and block the first two infection methods, secure backups and passwords depend on appropriate user behavior.

The BOK Ransomware could be the start of a new tidal wave of RaaS infections or an overly-marketed flop on the dark Web. However, malware experts don't recommend betting on the latter, particularly when Trojans with nearly the same attacks remain as prolific as any con artist could want.