Boss is a newly discovered ransomware extension, but the group tends to grow rapidly due to its RaaS (Ransomware as a Service) strategy.
The RaaS tactic has become a widely used method by hackers because it allows them to market the ransomware to anyone. Resulting in the greatest profit and spread of criminal operations.
Boss brings a peculiar feature in its encryption extensions. It is common for victims to receive them with random characters or the name of the ransomware. However, in addition to “.Boss”, the victim’s IP and the ransom e-mail are also left in the extension of the encrypted files.
This method has been used before by another group known as Makop. And by analyzing the source code of both, it can be stated that Boss and Makop belong to the same ransomware family.
The same email appears in the ransom note left by the group on the desktop, along with an FAQ taking the guesswork out of what happened. To prove that they have access to the decryption key, a folder with simple files of up to 1 MB can be decrypted.
It is worth mentioning that for complete data recovery, the group only accepts payment in Bitcoin, even though this action is not recommended, since there is no real guarantee that the files will be decrypted.
Recover files encrypted by Boss ransomware
Ransomware attacks are no longer an occasional occurrence, but a constant danger for businesses. Aware of this, Digital Recovery specializes in the recovery of data encrypted by ransomware.
For more than two decades providing solutions for lost data, we have formed a team of specialists and engineers, capable of performing recovery in Virtual Machines, Databases, RAID Systems, Magnetic tapes and others.
To provide a better experience with our services, we have developed unique technologies that speed up the process and boost results. In most cases we can operate 100% remotely.
Digital Recovery understands the importance of data preservation, so we have developed a confidentiality NDA.
Talk to one of our agents and ask for a diagnosis right now.