Boris HT Ransomware is one of the many ransomware infections that are based on the open-source ransomware Hidden Tear. We have covered similar infections multiple times, but it seems like there is no end to them. Granted, Boris HT Ransomware was released last summer, but it wouldn’t be surprising to see it terrorizing users these days as well, and so here is our description that tells you more about this infection and how to remove it for good. After you get rid of this infection, be sure to acquire a legitimate computer security tool that would safeguard your PC against similar threats in the future.
Although malware does not recognize national borders, it is very likely that Boris HT Ransomware was created to target Russian-speaking users or companies in Russia and other countries where the language is used frequently. We can assume that from the fact that the ransom note this program displays is written in Russian. However, you do not need to know the language to understand that these criminals expect you to contact them, but that wouldn’t be a good idea. It goes without saying that the criminals would ask you to pay the ransom fee. But even paying the ransom would not guarantee that you get your files back.
Of course, it would be for the best to avoid Boris HT Ransomware rather than to deal with it. We can actually avoid ransomware infections if we know how they spread around. For the most part, ransomware programs are distributed via spam emails. Sometimes they could also come from file-sharing websites or through corrupted RDP connections. At the end of the day, it means that the users unwittingly allow these dangerous programs to enter their computers. And this happens because it often looks like the files they download are important. However, the moment you open that attached file, Boris HT Ransomware (or any other ransomware infection for that matter) gets installed on your system.
When we ran this infection in our virtual environment, we found that Boris HT Ransomware tries to connect to a remote server. This is quite common because ransomware programs need to report infections to their command and control servers. On the other hand, it is very likely that the server is dead by now, and so Boris HT Ransomware would not be able to connect to it. Thus, it is also very likely that the program cannot receive the decryption key from its developers, and paying the ransom would not solve anything.
Although this is not much of a relief, we do know for sure that Boris HT Ransomware targets only certain file formats. So, it means that not all files on your computer will be encrypted. When the encryption is complete, all the affected files will have the “.[firstname.lastname@example.org].boris” extension added to their filenames, and you will definitely see which files were encrypted. The most important thing is not to panic when you get infected with ransomware because panic makes you do things you regret later.
Remove Boris HT Ransomware today and then look for ways to restore your files. Since this program was released several months ago, there might be a public decryption tool available for it already. If not, and you have a system backup on an external hard drive, simply delete the encrypted files and transfer the healthy copies onto your computer.
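The appended extension and the backup-based recovery described above can be combined into an inventory step before anything is deleted. The following is an added example, not part of the original article: it lists every file carrying the appended suffix and reports whether a healthy copy exists in a backup folder. The function names, the folder layout and the sample address are assumptions made for illustration, and the text inside the brackets is matched as an opaque value.

```python
import os
import re
import tempfile

# Suffix described in the article: ".[<contact address>].boris" appended to the
# original file name. The bracket content is matched as opaque (assumption).
BORIS_SUFFIX = re.compile(r"\.\[[^\]\\/]+\]\.boris$", re.IGNORECASE)


def original_name(path):
    """Return the pre-encryption path, or None if the suffix is absent."""
    stripped, n = BORIS_SUFFIX.subn("", path)
    return stripped if n else None


def restore_plan(data_root, backup_root):
    """Map each encrypted file to its backup copy, or None if no copy exists."""
    plan = {}
    for folder, _dirs, files in os.walk(data_root):
        for name in files:
            encrypted = os.path.join(folder, name)
            clean = original_name(encrypted)
            if clean is None:
                continue  # untouched file: only certain formats are encrypted
            copy = os.path.join(backup_root, os.path.relpath(clean, data_root))
            plan[os.path.relpath(encrypted, data_root)] = (
                copy if os.path.isfile(copy) else None)
    return plan


def demo():
    """Build a constructed sample tree and report which files have a backup."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = os.path.join(tmp, "data"), os.path.join(tmp, "backup")
        os.makedirs(os.path.join(data, "docs"))
        os.makedirs(os.path.join(backup, "docs"))
        suffix = ".[contact@example.invalid].boris"  # constructed sample value
        for rel in ("docs/report.docx" + suffix, "photo.jpg" + suffix, "notes.txt"):
            open(os.path.join(data, rel), "wb").close()
        open(os.path.join(backup, "docs", "report.docx"), "wb").close()
        plan = restore_plan(data, backup)
        return {k.replace(os.sep, "/"): v is not None for k, v in plan.items()}


if __name__ == "__main__":
    for path, has_backup in sorted(demo().items()):
        print(("RESTORE " if has_backup else "NO COPY ") + path)
```

Files reported without a backup copy are the ones worth keeping aside in case a public decryption tool becomes available.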
It would also be a good idea to invest in a security tool. If you do not feel confident about manual ransomware removal, leave it to the security application of your choice, and then do not forget to protect your system from similar intruders.