BOOA virus infects the computer system stealthily, deletes Volume Shadow Copies to prevent data restoration option via system restore points. The next thing it does is modify Windows HOSTS file by adding a list of restricted computer-related domains to it. Then it installs password-stealer on the system called AZORULT. Finally, it starts its main task – data encryption. The data encryption phase starts with an attempt to connect to BOOA ransomware’s Command&Control server. Here, the virus requests for a newly generated encryption key (which we’ll call online key in this article). This key later is used to encrypt all files on the victim’s computer via RSA cryptography algorithm. In cases when the virus fails to connect to its C&C server, a hardcoded-offline encryption key is used. This key is the same for all offline-encryption victim’s, which gives hope to restore files someday (once someone pays and shares the key). You can check whether your version’s decryption key is available here. Files encrypted by this ransomware are impossible to open, and the cybercriminals behind this attack seek to take advantage of this situation. They leave ransom notes called _readme.txt, explaining that victim can recover files by paying a large sum of money to them.
Threatening message left in the _readme.txt
Criminals who created BOOA file virus explain that the ransomware decryption key costs $490 if paid within 3 days or $980 later. In other words, they suggest a 50% discount if victim rushes to contact them, purchase Bitcoins worth the amount, and transfers it to the criminals’ crypto wallet. What is more, they offer test decryption on one file. The victim can attach it to the email for the criminals as well as personal ID (included in the _readme.txt note). Such horrendous activity is targeted at computer users who do not have any data backups. Besides, the ransom demand is very high, especially during these challenging pandemic times. However, it doesn’t seem like a problem for cybercriminals who continue and accelerate their malicious operations. That said, we’d like to remind you why cybersecurity professionals do not recommend paying the ransom for Internet crooks:
You might never receive working .booa decryption tools even if you pay up.The provided tools might decrypt part of the data, leaving remaining data locked. This can happen to half online, half offline encryption cases.Ransoms collected from victims help to fuel further malware operations. Please, do not support this virtual crime industry by listening to extortionists’ demands.This ransomware is known to install password-stealing Trojan that grabs various login details, displays fake forms and similar. As a result, if you’ll try to purchase cryptocurrency to pay the ransom, or perform any other bank-related processes, it can steal your banking information and transfer it to cybercriminals. There is a wide range of things that scammers can do with private data stolen from computers.
STOP/DJVU ransomware is one of the most prevalent ransom-demanding threats in 2020. Along with DHARMA or Matrix malware families, these programs have extorted millions of dollars from computer users worldwide. We do not recommend paying the ransom due to variety of reasons listed previously. Besides, there are chances to repair part of the files using available tools, or decrypt them using Emsisoft Decryptor for STOP/DJVU. Please follow the guidelines given below to try it.Moreover, victims of offline encryption should be patient as their chances to restore their files for free in the future are high. Booa ransomware virus is nearly identical to previous STOP/DJVU variants, such as IGDM, NOBU, EPOR, SGLH or others. Variants of this malware family are mainly divided into two categories: old (decryptable) and new (hard to decrypt) viruses. The main difference between the versions is the extension added to encrypted files (also known as file marker). If you have fallen victim to this ransomware and your files are now encrypted, we strongly recommend choosing SYSTEM MECHANIC ULTIMATE DEFENSE software to remove BOOA ransomware virus. The recommended software is a robust malware removal, real-time protection anti-virus, data recovery tool and more in one pack. After-removal steps: make sure you set new passwords for websites saved in your browsers. The malware that infected your computer tends to install password-stealing Trojan that grabs such information and transfers it to criminals.
Avoid crypto-malware attacks
BOOA ransomware distribution relies on deceptive technique to convince user download a file that doesn’t seem like malware. The majority of STOP/DJVU variants are found in illegal peer-to-peer downloads, such as software cracks and keygens, or tools like KMSPico. These copyright-infringing tools work as a trap, because users search for them in order to save some money and obtain paid software licenses for free. Sadly, this only results in massive data loss that often leads to financial loss as well. Therefore, we advise you to stay away from such downloads, and wisely choose software download sources. Malicious email messages is also a common ransomware distribution vector. To spread infections, criminals disguise malicious payloads as email attachments in document formats (DOCX, PDF, etc.) or attach as link. To obfuscate a suspicious link, crooks often use link shortening services. Recent scam campaigns show that criminals tend to impersonate legitimate companies in their emails. They might claim they’re working at DPD, DHL, UPS or another parcel delivery company. Such letters might ask to open tracking link or pending/missing payment attachment. Unfortunately, if victim gets convinced to open such attachment, the dangerous script added to website or attachment will download the ransomware and execute it on victim’s computer. Good news is that home and business computer users can avoid ransomware rather simply. These are the steps to ransomware prevention success:
Do not download or look up illegal software downloads. Be very careful for fake free movie websites as these tend to display malicious ads and trigger redirects as well.Never open email links or attachments that you weren’t waiting for. Scammers are especially leveraging the parcel delivery themed messages during these pandemic times when people shop online more.Develop a habit or creating data backups regularly. Store them on external data storage device, such as hard disks.Use antivirus with real-time protection, such as SYSTEM MECHANIC ULTIMATE DEFENSE .
Remove Booa ransomware effectively
Remove Booa ransomware virus from your computer without a delay. We strongly recommend reading professional instructions prepared by our team. We also advise getting our recommended software which has a rich set of features for computer security, optimisation, privacy enhancement and data recovery. As soon as you take care of Booa ransomware removal, you can move on to the data decryption phase. The first thing we recommend doing is running data recovery tool included in our recommended program. You can also test other tools available at the end of this article. Finally, do not forget to report cybercrime via provided list of authority pages, and change passwords for accounts saved in your browsers. Please let us know in the comments below how did you get infected, and did you succeed to restore your files. OUR GEEKS RECOMMEND Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, plus repair caused virus damage to the system: GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more. Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7. This VB100-certified security software uses state-of-art technology to provide protection against ransomware, Zero-Day attacks and advanced threats, Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and installation of potentially unwanted programs. Use INTEGO Antivirus to remove detected threats from your computer. Read full review here. RESTORO provides a free scan that helps to identify hardware, security and stability issues and presents a comprehensive report which can help you to locate and fix detected issues manually. It is a great PC repair software to use after you remove malware with professional antivirus. The full version of software will fix detected issues and repair virus damage caused to your Windows OS files automatically. RESTORO uses AVIRA scanning engine to detect existing spyware and malware. If any are found, the software will eliminate them. Read full review here.
Method 1. Enter Safe Mode with Networking
Before you try to remove BOOA ransomware virus virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot PC in the said mode, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, if you prefer a video version of the tutorial, check our guide How to Start Windows in Safe Mode on Youtube. Instructions for Windows XP/Vista/7 users Instructions for Windows 8/8.1/10/11 users Now, you can search for and remove BOOA ransomware virus files. It is very hard to identify files and registry keys that belong to the ransomware virus, Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall such type of a computer virus is to use a reliable security program such as INTEGO Antivirus. For virus damage repair, consider using RESTORO.
Method 2. Use System Restore
In order to use System Restore, you must have a system restore point, created either manually or automatically. Instructions for Windows XP/Vista/7 users Instructions for Windows 8/8.1/10/11 users After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won’t be any malware remains, but it never hurts to double-check. In addition, we highly recommend checking ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.
Alternative software recommendations
Malwarebytes Anti-Malware Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.
System Mechanic Ultimate Defense If you’re looking for an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Therefore, due to its wide-range of capabilities, System Mechanic Ultimate Defense deserves Geek’s Advice approval. Get it now for 50% off. You may also be interested in its full review.
Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.
Decrypt Booa files
Fix and open large Booa files easily:
It is reported that STOP/DJVU ransomware versions encrypt only the beginning 150 KB of each file to ensure that the virus manages to affect all files on the system. In some cases, the malicious program might skip some files at all. That said, we recommend testing this method on several big (>1GB) files first.
STOP/DJVU decryption tool usage guide
STOP/DJVU ransomware versions are grouped into old and new variants. BOOA ransomware virus is considered the new STOP/DJVU variant, just like BPTO, ISWR, ISZA, BPSM, ZOUU, MBTF, ZNSM (find full list here). This means full data decryption is now possible only if you have been affected by offline encryption key. To decrypt your files, you will have to download Emsisoft Decryptor for STOP DJVU, a tool created and maintained by a genius security researcher Michael Gillespie. Note! Please do not spam the security researcher with questions whether he can recover your files encrypted with online key - it is not possible. In order to test the tool and see if it can decrypt Booa files, follow the given tutorial.
Meanings of decryptor’s messages
The Booa decryption tool might display several different messages after failed attempt to restore your files. You might receive one of the following messages: Error: Unable to decrypt file with ID: [example ID] This message typically means that there is no corresponding decryption key in the decryptor’s database. No key for New Variant online ID: [example ID]Notice: this ID appears to be an online ID, decryption is impossible This message informs that your files were encrypted with online key, meaning no one else has the same encryption/decryption key pair, therefore data recovery without paying the criminals is impossible. Result: No key for new variant offline ID: [example ID]This ID appears to be an offline ID. Decryption may be possible in the future. If you were informed that an offline key was used, but files could not be restored, it means that the offline decryption key isn’t available yet. However, receiving this message is extremely good news, meaning that it might be possible to restore your Booa extension files in the future. It can take a few months until the decryption key gets found and uploaded to the decryptor. We recommend you to follow updates regarding the decryptable DJVU versions here. We strongly recommend backing up your encrypted data and waiting.
Report Internet crime to legal departments
Victims of BOOA ransomware virus should report the Internet crime incident to the official government fraud and scam website according to their country:
In the United States, go to the On Guard Online website.In Australia, go to the SCAMwatch website.In Germany, go to the Bundesamt für Sicherheit in der Informationstechnik website.In Ireland, go to the An Garda Síochána website.In New Zealand, go to the Consumer Affairs Scams website.In the United Kingdom, go to the Action Fraud website.In Canada, go to the Canadian Anti-Fraud Centre.In India, go to Indian National Cybercrime Reporting Portal.In France, go to the Agence nationale de la sécurité des systèmes d’information.
If you can’t find an authority corresponding to your location on this list, we recommend using any search engine to look up “[your country name] report cyber crime”. This should lead you to the right authority website. We also recommend staying away from third-party crime report services that are often paid. It costs nothing to report Internet crime to official authorities. Another recommendation is to contact your country’s or region’s federal police or communications authority.