.boost Files Virus (Dharma Ransomware) – Remove and Restore Data

This article provides specific details on the .boost files virus, along with a detailed guide covering removal steps and alternative data recovery approaches.

Owners of the notorious Dharma ransomware have released yet another version of their threat in active attack campaigns. This time the ransomware is set to append the extension .boost to all files it encodes. The purpose of data corruption remains the same: ransom payment. If you are infected with this Dharma .boost variant, you won’t be able to access the information stored in important files until you apply an efficient data recovery solution. Our advice is to avoid following the instructions in the ransom note, as completing them does not guarantee the recovery of your encrypted data.

Threat Summary

Name: .boost Files Virus
Type: Ransomware, Cryptovirus
Short Description: A version of the CrySiS/Dharma ransomware family that is designed to encrypt valuable files stored on infected computers and then extort a ransom from victims.
Symptoms: Important files are encrypted and renamed with the extension .boost. A ransom note appears on the PC screen to present ransom payment instructions.
Distribution Method: Spam Emails, Email Attachments
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files. It may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

.boost Files Virus – Distribution

There are several ways in which this version of Dharma ransomware may be distributed. One of those methods is known to be malspam. It gives hackers the chance to spread corrupted files of common file types in massive email campaigns. The emails are usually disguised as legitimate ones. However, their purpose is to trick you into opening corrupted files with embedded malicious code on your device and in this way trigger the ransomware payload. A variety of common file types, such as documents, PDFs and images, could be transformed into carriers of ransomware code.

These files are often presented as the following:

  • Invoices coming from reputable sites, like PayPal, eBay, etc.
  • Documents from what appears to be the victim’s bank.
  • An online order confirmation note.
  • Receipt for a purchase.
  • Others.

The malware authors may also be using compromised sites to spread this .boost Dharma ransomware infection. This method enables them to upload the ransomware configuration file to a compromised web page and set it to execute automatically after a registered visit to this page.

.boost Files Virus – Overview

An infection with the .boost files virus begins when its payload is started on the system. Upon successful execution, it enables the ransomware to plague a large number of system components and reach the main stage, which is data encryption.

At the beginning of the infection process, it could drop or create additional malicious files that will support the completion of the attack. Some of these files may be located in the following system folders:

  • %Roaming%
  • %Windows%
  • %AppData%
  • %Local%
  • %Temp%

Among the malicious activities performed by the .boost files virus are modifications of registry keys. By creating certain registry values in the Run and RunOnce Windows registry sub-keys, it could set up its files to run automatically on each system boot.
These changes could be noticed when you open the following registry sub-key locations:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

These sub-keys are used when the virus wants to load its ransom note on the screen. The note is dropped during the infection process. The note could be copied several times so that it could appear on your desktop as well as in folders with corrupted files.
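
As an added example (not part of the original article or of any vendor tool), the following Python script parses the text printed by `reg query` for the two sub-keys above and lists autorun values whose command line references one of the folders listed earlier. The folder-to-path mapping and the sample entries are assumptions constructed for illustration; legitimate software also starts from these folders, so the result is a list to review, not a verdict.

```python
import re

# Path fragments for the folders listed above, most specific first. Mapping %Roaming%,
# %Local% and %Temp% to these fragments, and C: as the system drive, are assumptions.
FOLDER_MARKERS = {
    "%Temp%": ("\\temp\\", "%temp%", "%tmp%"),
    "%AppData%/%Roaming%": ("\\appdata\\roaming\\", "%appdata%"),
    "%Local%": ("\\appdata\\local\\", "%localappdata%"),
    "%Windows%": ("c:\\windows\\", "%windir%", "%systemroot%"),
}
VALUE_RE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")

def parse_reg_query(text):
    """Return (key, name, data) tuples; value lines are '    name    type    data'."""
    entries, key = [], None
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if line.startswith("HKEY_"):
            key = line.strip()
        elif m and key:
            entries.append((key, m["name"], m["data"]))
    return entries

def flag_autoruns(text):
    """Return autorun values whose command line references a listed folder."""
    flagged = []
    for key, name, data in parse_reg_query(text):
        lowered = data.lower()  # search the whole command line, arguments included
        for folder, markers in FOLDER_MARKERS.items():
            if any(marker in lowered for marker in markers):
                flagged.append({"key": key, "name": name, "folder": folder, "data": data})
                break
    return flagged

# Constructed sample output (no real indicators), as `reg query <key>` prints it.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\AppData\Roaming\updater_7f3.exe
    Note Viewer    REG_SZ    notepad.exe "C:\Users\alice\AppData\Roaming\note.txt"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Cleanup    REG_EXPAND_SZ    %TEMP%\a1b2.exe
    VendorTool    REG_SZ    "C:\Program Files\Vendor\tool.exe"
"""

if __name__ == "__main__":
    for hit in flag_autoruns(SAMPLE):
        print(f'{hit["folder"]:<20} {hit["key"]} :: {hit["name"]} -> {hit["data"]}')
```

In the sample, the OneDrive entry is flagged alongside the constructed suspicious ones, which shows why each hit still needs a manual check of the file it points to.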

.boost Files Virus – Encryption Process

Like some of the previous versions (.combo, .arrow, .bkp, etc.), the Dharma .boost crypto virus needs to utilize its built-in encryption module to complete its main purpose. It could be configured to transform target files with the help of one or two cipher algorithms, one of which is AES. Following encryption, valuable files become inaccessible due to essential changes of their code. Unfortunately, all of your important files could be affected by the ransomware, including your:

  • Audio files.
  • Videos.
  • Image files.
  • Databases.
  • Archives.

A visible trait of all corrupted files is the distinctive extension .boost that appears at the end of their names. In addition, all .boost files will have two other extensions appended to their names. As discovered by security researchers, Dharma .boost ransomware uses the following rename pattern for the files it encrypts:

  • Original file name – original file extension – victim ID – hackers’ contact email – boost

For example, the image below shows how a file that was originally named project1.docx appears after encryption:

[Image: a .docx file encrypted by Dharma .boost ransomware]
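
To inventory affected files during triage, the rename pattern above can be parsed back into its parts. This is an added example, not code from the original article; the exact on-disk syntax (`<name>.<ext>.id-<victim ID>.[<email>].boost`) is an assumption, since the page gives only the order of the components, and the sample file names, ID and address are constructed placeholders.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed on-disk syntax for the rename pattern (the page lists only the order):
#   <original name>.<original ext>.id-<victim ID>.[<contact email>].boost
BOOST_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z-]+)"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.boost$",
    re.IGNORECASE,
)

def parse_boost_name(path):
    """Split a renamed file into original name, victim ID and contact email, or None."""
    m = BOOST_RE.match(PureWindowsPath(path).name)
    if m is None:
        return None
    return {"original": m["original"], "victim_id": m["victim_id"], "email": m["email"].lower()}

def summarize(paths):
    """Group original file names per (victim ID, contact email) for an incident report."""
    groups, unmatched = defaultdict(list), []
    for p in paths:
        info = parse_boost_name(p)
        if info:
            groups[(info["victim_id"], info["email"])].append(info["original"])
        elif str(p).lower().endswith(".boost"):
            unmatched.append(p)  # .boost suffix but unexpected layout: review by hand
    return dict(groups), unmatched

# Constructed sample listing (ID and address are placeholders, not real indicators).
SAMPLE = [
    r"C:\Users\alice\Documents\project1.docx.id-1A2B3C4D.[contact@example.invalid].boost",
    r"C:\Users\alice\Pictures\team.photo.jpg.id-1A2B3C4D.[contact@example.invalid].boost",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Downloads\speed.boost",
]

if __name__ == "__main__":
    groups, unmatched = summarize(SAMPLE)
    for (victim_id, email), files in groups.items():
        print(victim_id, email, files)
    print("needs manual review:", unmatched)
```

The recovered original names can be matched against backups, and more than one victim ID or contact address in the output suggests more than one infection on the same host.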

During the encryption process, the ransomware generates a unique decryption key that supposedly could recover the original code of corrupted files. So that hackers can extort a ransom from their victims, their threat is configured to transfer the key to their server immediately after the encryption stage. However, there is no guarantee that the generated key could restore data, as even a single bug in the code could break it.

Remove .boost Files Virus and Restore Data

Below you can find a step-by-step removal guide that may be helpful in attempting to remove this .boost files virus. The manual removal approach demands practice in recognizing traits of malware files. Beware that ransomware is a threat with highly complex code that plagues not only your files but your whole system, so the system should be secured properly before it is used regularly again.

For alternative data recovery methods, make sure to read thoroughly the information under the “Restore Files” step from our guide. Beware that before the recovery process you should back up all encrypted files to an external drive in order to prevent their irreversible loss.


To remove .boost Files Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove .boost Files Virus files and objects
2. Find files created by .boost Files Virus on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by .boost Files Virus

Gergana Ivanova

Gergana has completed a bachelor's degree in Marketing from the University of National and World Economy. She has been with the STF team for three years, researching malware and reporting on the latest infections. She believes that in times of constantly evolving dependency on network-connected technologies, people should spread the word, not the war.
