Boop Ransomware Description
The Boop Ransomware is a file-locker Trojan from the STOP Ransomware Ransomware-as-a-Service family. It hides from the user while blocking files with its encryption feature and sells an unlocking service for restoring them afterward. A well-maintained backup on other devices is ideal for recovering any data that the Trojan attacks, and most anti-malware programs will counter infection exploits and remove the Boop Ransomware.
Just a Little Boop Ransomware on the Nose
In-jokes, memes, and other such social phenomena are more than just gags; for threat actors, they can be identifiers and distribution models for Trojan campaigns. The Boop Ransomware takes its name from an ideophone, reinvigorating the old-hat concept of file-locking Trojans' attacks. Technically, however, it depends on the well-worn functionality of the STOP Ransomware Ransomware-as-a-Service. Since most of the Boop Ransomware's executables use random file names, the Boop Ransomware's theme is likely only skin-deep.
Virtually all of the Boop Ransomware's features are direct reiterations of previous ones from its family, which rents the Trojan's capabilities to third parties on the dark Web. The Trojan initiates contact with a Command & Control server to download an encryption key and may use a default one in offline scenarios. When it completes the setup process, including altering the Registry, it launches several attacks against the user:
- It blocks websites like microsoft.com by changing the Hosts file.
- It deletes backups (specifically, the Shadow Volume Copies or the Restore Points).
- It encrypts media, including most formats of documents (DOC, PDF, TXT, etc.), pictures, music and archives. This blocking feature stops related programs from reading them until the threat actor deigns to provide a decryption service or the user finds a free equivalent.
- The Trojan also adds 'boop' extensions to each file's name, as a cosmetic and technically separate function from the encryption that locks the file.
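
The Hosts-file change and the 'boop' renaming listed above are both quick to check for during triage. The following is an added example, not code from the original page or from any vendor tool. The watched-domain list, function names and sample data are constructed for illustration, and it flags any Hosts entry for a watched domain rather than assuming which address the Trojan writes.

```python
from pathlib import PureWindowsPath

WATCHED_DOMAINS = ("microsoft.com",)  # the page's example; extend as needed (assumption)
LOCKED_SUFFIX = ".boop"               # extension the page says is appended

def hosts_overrides(hosts_text, watched=WATCHED_DOMAINS):
    """Return (line_no, address, hostname) for each Hosts entry that pins a
    watched domain, or one of its subdomains, to a fixed address."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue                            # blank or malformed line
        address, names = fields[0], fields[1:]
        for name in names:
            host = name.lower().rstrip(".")
            # Match the domain itself or a true subdomain, not a look-alike
            if any(host == d or host.endswith("." + d) for d in watched):
                hits.append((line_no, address, host))
    return hits

def renamed_files(paths, suffix=LOCKED_SUFFIX):
    """Return the paths whose final extension is the ransomware's suffix."""
    return [p for p in paths if PureWindowsPath(p).suffix.lower() == suffix]

# Constructed sample input, not taken from a real infection
SAMPLE_HOSTS = """\
# Constructed sample Hosts file
127.0.0.1   localhost
127.0.0.1   microsoft.com www.microsoft.com   # unexpected entry
0.0.0.0     update.microsoft.com
10.0.0.5    intranet.example.test
127.0.0.1   notmicrosoft.com
"""
SAMPLE_PATHS = [
    r"C:\Users\a\report.docx.boop",
    r"C:\Users\a\photo.jpg",
    r"C:\Users\a\song.mp3.BOOP",
    r"C:\Users\a\notes.boop.txt",
]

if __name__ == "__main__":
    for line_no, address, host in hosts_overrides(SAMPLE_HOSTS):
        print(f"Hosts line {line_no}: {host} pinned to {address}")
    for path in renamed_files(SAMPLE_PATHS):
        print(f"Renamed file: {path}")
```

On a live system, pass the contents of the Windows Hosts file and a directory listing in place of the constructed samples.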
The financial phase of the Boop Ransomware's attacks comes last, with the dispensing of a ransom note for just under one thousand USD. This message is a copy-pasted template and is identical to previous variants, as per the campaigns of the Oonn Ransomware, the Opqz Ransomware, the Maas Ransomware, and the Nbes Ransomware. When possible, victims should prioritize non-ransom recovery methods, since paying encourages further 'business' from the STOP Ransomware RaaS.
Attending to Unwanted Pokes on Your Files
Besides the oddity of a name that isn't random letters, the Boop Ransomware is a very conventional example of the STOP Ransomware family. It initially uses fake Windows update components to hide on the PC and contacts known-corrupted C&C domains. The Trojan also has no significant alterations to its negotiating practices and targets Windows environments, with English speakers as the expected victims.
Anti-malware products from most companies of note will flag this threat at multiple stages and quarantine or delete the Boop Ransomware. They can also block the unsafe network connections that would help the Trojan secure its encryption and make any media that much more unrecoverable.
The humor in the Boop Ransomware's theme goes against the flow of its plan of operations. Any program that turns someone's digital possessions into a laughing matter is dangerous, whether or not the target gleans any amusement from it.