Boop Ransomware

Posted: August 25, 2020

Boop Ransomware Description

The Boop Ransomware is a file-locker Trojan from the STOP Ransomware Ransomware-as-a-Service family. The Boop Ransomware hides from the user while blocking files with its encryption feature and sells the unlocking service for restoring them afterward. A well-maintained backup on other devices is ideal for recovering any data that the Trojan attacks, and most anti-malware programs will counter infection exploits and remove the Boop Ransomware.

Just a Little Boop Ransomware on the Nose

In-jokes, memes, and other such social phenomena are more than just gags – for threat actors, they can be identifiers and distribution models for Trojan campaigns. The Boop Ransomware takes its name from an ideophone, reinvigorating the old-hat concept of file-locking Trojans' attacks. Technically, though, it depends on the well-worn functionality of the STOP Ransomware Ransomware-as-a-Service. Since most of the Boop Ransomware's executables use random file names, it's likely that the Boop Ransomware's theme is only skin-deep.

Virtually all of the Boop Ransomware's features are direct reiterations of previous ones from its family, which rents the Trojan capabilities to third parties on the dark Web. The Trojan initiates contact with a Command & Control server to download an encryption key and may use a default one in offline scenarios. When it completes the setup process, including altering the Registry, it launches several attacks against the user:

  • It blocks websites like microsoft.com by changing the Hosts file.
  • It deletes backups (specifically, the Shadow Volume Copies or the Restore Points).
  • It encrypts media, including most formats of documents (DOC, PDF, TXT, etc.), pictures, music and archives. This blocking feature stops related programs from reading them until the threat actor deigns to provide a decryption service or the user finds a free equivalent.
  • The Trojan also adds 'boop' extensions to each file's name, as a cosmetic and technically separate function from the encryption that locks the file.
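Two of the artifacts listed above, the Hosts file overrides and the appended 'boop' extension, can be checked for during triage. The following Python sketch is an added example, not code from the original article or from any vendor tool; the function names, the watched-domain tuple and the sample Hosts content are assumptions made for illustration.

```python
import ipaddress
import os

# Assumption: only microsoft.com is named on the page; extend the tuple
# with other vendor or security domains relevant to your environment.
WATCHED_SUFFIXES = ("microsoft.com",)
LOCKED_EXTENSION = ".boop"  # extension the article says the Trojan appends


def suspicious_hosts_entries(hosts_text, watched=WATCHED_SUFFIXES):
    """Return (ip, hostname) pairs pinning a watched domain to a local or private address."""
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, not an entry
        if not (ip.is_loopback or ip.is_unspecified or ip.is_private):
            continue
        for host in fields[1:]:
            name = host.lower().rstrip(".")
            if any(name == s or name.endswith("." + s) for s in watched):
                hits.append((str(ip), name))
    return hits


def find_locked_files(root, extension=LOCKED_EXTENSION):
    """Walk root and return relative paths of files carrying the appended extension."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(extension):
                found.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(found)


# Constructed sample Hosts content (not taken from a real infection).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       www.microsoft.com   # constructed entry
0.0.0.0         microsoft.com
93.184.216.34   example.org
"""

if __name__ == "__main__":
    print(suspicious_hosts_entries(SAMPLE_HOSTS))
```

On a Windows host, the text passed to `suspicious_hosts_entries` would come from `%SystemRoot%\System32\drivers\etc\hosts`, and `find_locked_files` would be pointed at user profile or share directories.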

The financial phase of the Boop Ransomware's attacks comes last, with the dispensing of a ransom note for just under one thousand USD. This message is a copy-pasted template and is identical to previous variants, as per the campaigns of the Oonn Ransomware, the Opqz Ransomware, the Maas Ransomware, and the Nbes Ransomware. When possible, victims should prioritize non-ransom recovery methods, since paying encourages further 'business' from the STOP Ransomware RaaS.

Attending to Unwanted Pokes on Your Files

Besides the oddity of a name that isn't random letters, the Boop Ransomware is a very conventional example of the STOP Ransomware's family. It initially uses fake Windows update components as part of hiding on the PC and contacts known-malicious C&C domains. The Trojan also has no significant alterations to its negotiating practices and targets Windows environments with English speakers as the expected victims.

Because the Trojan routinely deletes the Restore Points, users shouldn't depend on them as their last means of recovering any work. Media files of any significant value should have backups on additional devices, such as cloud services. Malware researchers recommend that users avoid illicit downloads, turn off JavaScript and Flash while browsing the Web, review their passwords for brute-force weaknesses and install all software updates promptly. Businesses are equally at risk from an attack by the Boop Ransomware as individuals on their PCs at home.

Anti-malware products from most companies of note will flag this threat at multiple stages and quarantine or delete the Boop Ransomware. They can also block the unsafe network connections that the Trojan uses to secure its encryption, which would otherwise make any media that much more unrecoverable.

The humor in the Boop Ransomware's theme goes against the flow of its plan of operations. Any program that turns someone's digital possessions into a laughing matter is dangerous, whether or not the target gleans any amusement from it.
