Boss is a new ransomware extension discovered recently, but the group tends to grow rapidly due to its RaaS (Ransomware as a Service) strategy.
The RaaS tactic has become a widely used method by hackers because it allows them to market the ransomware to anyone. Resulting in the highest profit and propagation of criminal operations.
Boss brings a peculiar feature in its encryption extensions. It is common for victims to receive them with random characters or the name of the ransomware. However, besides “.Boss”, the victim’s IP and the ransom email are also left in the extension of the encrypted files.
This method has been used before by another group known as Makop. And by analysing the source code of both, it can be stated that Boss and Makop belong to the same ransomware family.
The same email appears in the ransom note left by the group on their desktop, along with an FAQ taking the guesswork out of what happened. To prove that they have access to the decryption key, a folder with simple files of up to 1 MB can be decrypted.
It is worth noting that for complete data recovery, the group only accepts payment in Bitcoin, even though this action is not recommended, because there is no real guarantee that the files will be decrypted.
Recover files encrypted by Boss ransomware
Ransomware attacks have gone from being an occasional occurrence to a constant danger to businesses. Aware of this, Digital Recovery specializes in the recovery of data encrypted by ransomware.
For more than two decades providing solutions for lost data, we have formed a team of specialists and engineers, capable of performing recovery in Virtual Machines, Databases, RAID Systems, Magnetic tapes and others.
To provide a better experience with our services, we have developed unique technologies that speed up the process and boost results. In most cases we can operate 100% remotely.
Digital Recovery understands the importance of data preservation, so we have developed a confidentiality agreement NDA. And we solve all cases within the General Data Protection Regulation (GDPR).
Talk to one of our agents and ask for a diagnosis right now.