Remove Booyah Ransomware, CRIPTOSO.KEY

Security researchers analyze new ransomware pieces on a daily basis. The ransomware business is definitely thriving, one of its latest additions being the so-called Booyah ransomware. The name of the threat derives from its executable, booyah.exe. The ransom message comes in a file called “WHATHAPPENDTOYOURFILES.TXT”.

Name: Booyah Ransomware
Type: Ransomware
Short Description: The ransomware doesn’t append any extensions to the encrypted files.
Symptoms: The user’s files are encrypted and a “WHATHAPPENDTOYOURFILES.TXT” is dropped in all affected folders.
Distribution Method: Via a program booyah.exe that employs the Nullsoft installer.

If the name appears familiar to you, it’s because several ransomware threats have used it (like CryptoWall). Perhaps it’s the same threat actors, or their affiliates. It’s a commonly known fact that ransomware-as-a-service (RaaS) has gained lots of popularity, and anyone with basic skills can buy and distribute file-encrypting threats.

Booyah Ransomware (booyah.exe Ransomware) Technical Description

Little is known about the ransomware’s technical specifications, as reported by researchers at Bleeping Computer. What is known is that the ransomware’s executable is distributed like a program (the user installs it like a program), using the well-known Nullsoft Scriptable Install System installer. Booyah.exe contains a DLL file, responsible for the encryption process on the victim’s machine.

As already mentioned, the ransom note is named “WHATHAPPENDTOYOURFILES.TXT”. It reads like this:

Your ID: 758275
* * *
Hi. Your files are now encrypted. I have the key to decrypt them back.
I will give you a decrypter if you pay me. If you pay me today, the price is only 1 bitcoin.
If you pay me tomorrow, you will have to pay 2 bitcoins. If you pay me one week later the price
will be 7 bitcoins and so on. So, hurry up.

The analysis performed by Bleeping Computer researchers shows that the same ID is sent to all victims, because it is hard-coded in the ransomware.

Here is a summary of Booyah ransomware’s main features:

  • Encrypted folders contain a CRIPTOSO.KEY file.
  • Interestingly, the ransomware doesn’t appear to add an extension to encrypted files.
  • The list of all encrypted files is found in a plaintext file at “%APPDATA%\%ID%”. Since the ID is the same for every victim, the path should look like this: “%APPDATA%\758275”.
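
A triage sketch built on the indicators listed above, added here as an example and not taken from the article or from Bleeping Computer's analysis. It finds folders that hold a marker file and reads the encrypted-file list, which tells you what to restore from backup. The one-path-per-line layout of the list file, the function names and the demo tree are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Indicator names taken from the article; matched case-insensitively.
MARKERS = {"criptoso.key", "whathappendtoyourfiles.txt"}
HARDCODED_ID = "758275"  # same ID for every victim, per the article


def find_marked_folders(root):
    """Return {folder: sorted marker names} for folders holding a marker file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        found = sorted(f for f in files if f.lower() in MARKERS)
        if found:
            hits[dirpath] = found
    return hits


def read_encrypted_list(appdata):
    """Read the plaintext list at <appdata>/<ID>. Assumed: one path per line."""
    list_file = Path(appdata) / HARDCODED_ID
    if not list_file.is_file():
        return []
    text = list_file.read_text(encoding="utf-8", errors="replace")
    return [line.strip() for line in text.splitlines() if line.strip()]


def build_demo_tree(base):
    """Constructed sample layout so the script runs offline."""
    docs = Path(base) / "Users" / "demo" / "Documents"
    clean = Path(base) / "Users" / "demo" / "Music"
    appdata = Path(base) / "Users" / "demo" / "AppData" / "Roaming"
    for d in (docs, clean, appdata):
        d.mkdir(parents=True)
    (docs / "CRIPTOSO.KEY").write_bytes(b"\x00")
    (docs / "WHATHAPPENDTOYOURFILES.TXT").write_text("Your ID: 758275\n")
    (docs / "report.docx").write_bytes(b"constructed")
    (clean / "song.mp3").write_bytes(b"constructed")
    (appdata / HARDCODED_ID).write_text("C:\\Users\\demo\\Documents\\report.docx\n")
    return docs, appdata


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        docs, appdata = build_demo_tree(tmp)
        for folder, names in find_marked_folders(tmp).items():
            print(folder, names)
        print(read_encrypted_list(appdata))
```

On a real machine, pass the user profile directory to `find_marked_folders` and `os.environ["APPDATA"]` to `read_encrypted_list`.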

How to Remove Booyah Ransomware from Your System

To remove Booyah ransomware completely from your machine, running a strong anti-malware program is advisable. An anti-malware solution will eradicate all traces of the ransomware but, unfortunately, won’t restore your files. To try to restore your files, have a look at step 4 in the removal manual below. Keep in mind that it’s still not known whether Booyah ransomware deletes Shadow Volume Copies. We will keep you posted. Also, if you’ve been infected, make sure to leave a comment in our forum!

1. Boot Your PC In Safe Mode to isolate and remove Booyah Ransomware
2. Remove Booyah Ransomware with SpyHunter Anti-Malware Tool
3. Back up your data to secure it against infections and file encryption by Booyah Ransomware in the future
4. Restore files encrypted by Booyah Ransomware
Optional: Using Alternative Anti-Malware Tools
NOTE! Important notice about the Booyah Ransomware threat: Manual removal of Booyah Ransomware requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
