Boop Ransomware

Posted: August 25, 2020

The Boop Ransomware is a file-locker Trojan from the STOP Ransomware Ransomware-as-a-Service family. It hides from the user while blocking files with its encryption feature, then sells the unlocking service for restoring them. A well-maintained backup on other devices is ideal for recovering any data that the Trojan attacks, and most anti-malware programs will counter infection exploits and remove the Boop Ransomware.

Just a Little Boop Ransomware on the Nose

In-jokes, memes, and other such social phenomena are more than just gags: for threat actors, they can be identifiers and distribution models for Trojan campaigns. The Boop Ransomware takes its name from an ideophone, a way of reinvigorating the old-hat concept of file-locking Trojans' attacks. Technically, however, it depends on the well-worn functionality of the STOP Ransomware Ransomware-as-a-Service. Since most of the Boop Ransomware's executables use random file names, the Boop Ransomware's theme is likely only skin-deep.

Virtually all of the Boop Ransomware's features are direct reiterations of previous ones from its family, which rents the Trojan capabilities to third parties on the dark Web. The Trojan initiates contact with a Command & Control server to download an encryption key and may use a default one in offline scenarios. When it completes the setup process, including altering the Registry, it launches several attacks against the user:

  • It blocks websites like microsoft.com by changing the Hosts file.
  • It deletes backups (specifically, the Shadow Volume Copies or the Restore Points).
  • It encrypts media, including most formats of documents (DOC, PDF, TXT, etc.), pictures, music and archives. This blocking feature stops related programs from reading them until the threat actor deigns to provide a decryption service or the user finds a free equivalent.
  • The Trojan also adds 'boop' extensions to each file's name, as a cosmetic and technically separate function from the encryption that locks the file.
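
Two of the traces listed above, the Hosts file change and the 'boop' extension, can be checked on a suspect machine with a short script. The following is an added example, not code from the original article; the function names, the watch list (only microsoft.com is named on this page) and the sample Hosts content are assumptions constructed for illustration.

```python
import ipaddress
from pathlib import Path

WATCHED_DOMAINS = ("microsoft.com",)  # only domain the page names; extend as needed
LOCKED_SUFFIX = ".boop"               # extension the page says is appended


def hosts_redirects(hosts_text, watched=WATCHED_DOMAINS):
    """Return (line_no, address, hostname) for every hosts entry that pins a
    watched domain or one of its subdomains to an address."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address, so not a mapping
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((line_no, fields[0], host))
    return findings


def renamed_files(root, suffix=LOCKED_SUFFIX):
    """Return files under root whose name ends with the suffix, any case."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and p.name.lower().endswith(suffix))


# Constructed sample hosts file, not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1   localhost
0.0.0.0     microsoft.com
127.0.0.1   www.microsoft.com update.MICROSOFT.com.  # two names, one line
10.0.0.5    notmicrosoft.com
not-an-ip   microsoft.com
"""

if __name__ == "__main__":
    for line_no, addr, host in hosts_redirects(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {host} -> {addr}")
    for path in renamed_files("."):
        print(f"renamed: {path}")
```

On a real system, pass the contents of the machine's own Hosts file to `hosts_redirects` and point `renamed_files` at the user's document folders.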

The financial phase of the Boop Ransomware's attacks comes last, with the dispensing of a ransom note for just under one thousand USD. This message is a copy-pasted template and is identical to previous variants, as per the campaigns of the Oonn Ransomware, the Opqz Ransomware, the Maas Ransomware, and the Nbes Ransomware. When possible, victims should prioritize non-ransom recovery methods, since paying encourages further 'business' from the STOP Ransomware RaaS.

Attending to Unwanted Pokes on Your Files

Besides the oddity of a name that isn't random letters, the Boop Ransomware is a very conventional example of the STOP Ransomware family. It initially uses fake Windows update components to hide on the PC and contacts C&C domains that are already known to be malicious. The Trojan also has no significant alterations to its negotiating practices and targets Windows environments with English speakers as the expected victims.

Because the Trojan routinely deletes the Restore Points, users shouldn't depend on them as their last means of recovering any work. Media files of any significant value should have backups on additional devices, such as cloud services. Malware researchers recommend that users avoid illicit downloads, turn off JavaScript and Flash while browsing the Web, review their passwords for brute-force weaknesses and install all software updates promptly. Businesses are as much at risk from a Boop Ransomware attack as individuals on their PCs at home.

Anti-malware products from most companies of note will flag this threat at multiple stages and quarantine or delete the Boop Ransomware. They can also block the unsafe network connections that help the Trojan secure its encryption, which would otherwise make any media that much harder to recover.

The humor in the Boop Ransomware's theme goes against the flow of its plan of operations. Any program that turns someone's digital possessions into a laughing matter is dangerous, whether or not the target gleans any amusement from it.
