Bora Ransomware

Posted: October 10, 2019

The Bora Ransomware is a file-locking Trojan that comes from the family of the STOP Ransomware or the Djvu Ransomware. Its Ransomware-as-a-Service business model includes locking files with encryption, adding custom extensions to them, erasing backups, and leaving ransom notes for the victims. Users can, as always, benefit from backup strategies for data recovery, and anti-malware programs for infection prevention or removing the Bora Ransomware.

Despite Hiccups, the STOP Ransomware is Still not Stopping

Alongside a relatively recent incident of a completely unrelated Trojan employing the STOP Ransomware's note and addresses (see: the Mike Ransomware, the HildaCrypt Ransomware), malware experts are still tracking actual members of the family. The Bora Ransomware is a recent release that's out in the wild, targeting unknown regions of the world, although it's probable that the people of Southeast Asia form part of its base of victims. Whatever its infection tactics, the Bora Ransomware provides the usual dangers of encryption, ransoms, and backup-wiping attacks.

The Bora Ransomware may download data from its C&C (or Command and Control) server if it has Internet access before conducting the locking attack. If it can do so, it runs a secure encryption routine with a protected key, and blocks most media on the computer, including documents, pictures, and most files that aren't part of the operating system. However, connectivity disruptions aren't a perfect defense: the STOP Ransomware variants include a default encryption method, as well.

The Bora Ransomware also includes a text message with the by-now communal messaging and e-mail addresses for its operators, along with a series of paragraphs explaining the ransoming process. Free demonstrations, video links, and deadlines on getting the optimal price are some of the social engineering details that this Trojan leverages for optimizing its profitability. These characteristics, while noteworthy, are ones that it shares with most of its relatives, such as the Boot Ransomware, the Kuub Ransomware, the Nesa Ransomware or the Vesrato Ransomware.

Reliable Data Protection from a Wild West Internet

Although old versions of the STOP Ransomware are fully compatible with free decryption tools, current unlocking solutions usually don't work with the family's new releases. File-locking Trojans like the Bora Ransomware are highly avoidable, but users can limit the damage of infections by having backups on other devices. This precaution is especially appropriate for media such as documents, images, spreadsheets, music, or video, but is also relevant to space-compressed archives, 3D-modeling plans, and more obscure formats.

Besides backup storage, users can also preempt any infection attempts by:

  • Using secure passwords.
  • Patching software (esp. server-associated).
  • Refusing illicit download links.
  • Scanning e-mail attachments before opening.

When implemented together, these steps can block most attacks that result in distributing variants of the STOP Ransomware, along with the Jigsaw Ransomware, Hidden Tear, and various competing Ransomware-as-a-Service families. However, traditional anti-malware services also form a potent last-ditch option for averting infections or uninstalling the Bora Ransomware.

The Bora Ransomware may offer little that's new to the fold, besides a changing extension, but that doesn't make it harmless. Any Trojan with encryption is a threat worth paying attention to, no less than an animal baring its fangs.
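
Because the family adds a custom extension that changes from release to release, a fixed list of known extensions goes stale quickly; the pattern of one unfamiliar extension stacked onto many different file types is more durable. The Python example below is added here for illustration and is not code from the original article; the function name, thresholds, list of data types, and the sample file listing (including the ".locked-sample" placeholder) are assumptions constructed for the example.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Assumed list of common user-data types; extend it for your environment.
KNOWN_DATA_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt",
                   ".jpg", ".png", ".mp3", ".mp4", ".zip"}

def find_appended_extensions(paths, min_files=5, min_types=3):
    """Report unfamiliar extensions stacked on top of known data types.

    'report.docx.xyz' keeps its original type as the second-to-last suffix.
    One unknown final suffix spread over many files of several original
    types is the trace left by a Trojan that adds its own extension.
    """
    hits = defaultdict(lambda: {"files": 0, "types": set(), "dirs": set()})
    for raw in paths:
        path = PurePosixPath(raw)
        suffixes = [s.lower() for s in path.suffixes]
        if len(suffixes) < 2:
            continue  # no stacked extension, e.g. notes.txt
        original, appended = suffixes[-2], suffixes[-1]
        if original in KNOWN_DATA_EXTS and appended not in KNOWN_DATA_EXTS:
            entry = hits[appended]
            entry["files"] += 1
            entry["types"].add(original)
            entry["dirs"].add(str(path.parent))
    # A lone 'old.docx.bak' is normal; a burst across file types is not.
    return {ext: e for ext, e in hits.items()
            if e["files"] >= min_files and len(e["types"]) >= min_types}

# Constructed sample listing; ".locked-sample" is a placeholder, not a real IoC.
SAMPLE_LISTING = [
    "/home/ana/docs/report.docx.locked-sample",
    "/home/ana/docs/budget.xlsx.locked-sample",
    "/home/ana/docs/contract.pdf.locked-sample",
    "/home/ana/pics/beach.jpg.locked-sample",
    "/home/ana/pics/cat.png.locked-sample",
    "/home/ana/music/song.mp3.locked-sample",
    "/home/ana/docs/old.docx.bak",    # benign: a single stacked suffix
    "/home/ana/src/project.tar.gz",   # benign: .tar is not a listed data type
    "/home/ana/docs/notes.txt",       # untouched file
]

if __name__ == "__main__":
    for ext, e in find_appended_extensions(SAMPLE_LISTING).items():
        print(f"{ext}: {e['files']} files, {len(e['types'])} original types, "
              f"{len(e['dirs'])} directories")
```

Feeding the function a periodic file listing of user shares gives an early signal that a restore from backups on other devices is needed, before the remaining files are touched.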
