What is the Bozewerkers Ransomware?


We recently came across a new ransomware variant called Bozewerkers. It encrypts data and adds the ".givemenitro" extension to filenames, as well as changing the desktop wallpaper and displaying a ransom note. For example, "1.jpg" would be renamed to "1.jpg.givemenitro", and so on. The ransom note demands $5500 in Bitcoin for decryption of the files, with instructions on how to pay and contact the threat actors via Telegram using two usernames (@Siilenced and @Palmbomen).

Bozewerkers is a Nitro ransomware variant. It was discovered by examining malware samples submitted to online threat databases.

The Bozewerkers ransom note reads as follows:

Oops your files are encrypted

Your pc has been encrypted by team Bozewerkers.
Please pay a amount of 5500 dollars in BTC to get your files back and ur pc.
You can contact us on telegram @Siilenced and discord BLOCK

Fill in the code you bought "dont try to guess bcs then ur pc is f***ked in a instant

How can ransomware like Bozewerkers enter your system?

Ransomware can enter your system in a variety of ways, including malicious links and attachments sent via email, malicious websites, and unsecured networks. It is important to be aware of the potential risks associated with these methods and take steps to protect yourself. For example, you should avoid clicking on suspicious links or downloading files from unknown sources. Additionally, it is important to keep your computer up-to-date with the latest security patches and antivirus software. Finally, you should always use secure networks when accessing the internet, as unsecured networks can be vulnerable to ransomware attacks. By taking these precautions, you can help protect yourself from ransomware like Bozewerkers.

What can you do to secure your files against ransomware similar to Bozewerkers?

You should back up your data regularly in a secure location such as an external hard drive or cloud storage service. This way, if ransomware does manage to encrypt your data, you will have a backup copy that can be used to restore your files without having to pay the ransom.

Why does simply removing the ransomware infection not help?

Simply removing the ransomware infection will not restore your files, because removal does not undo the encryption that has already been applied. Once the ransomware has encrypted your data, it is impossible to decrypt it without the decryption key, which is only available from the threat actors. Even if you manage to remove the ransomware from your system, your files will remain encrypted and inaccessible until you pay the ransom or obtain a copy of the decryption key. Therefore, it is important to back up your data regularly in a secure location so that you can restore your files in case of a ransomware attack.
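To work out what has to be restored from backup, the following added example (not part of the original article or of any vendor tool) inventories files carrying the ".givemenitro" extension described above and reports the time window in which they were modified. The function names are hypothetical, and it assumes each file's modification time was updated when the file was encrypted.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

MARKER = ".givemenitro"  # extension the article reports on encrypted files


def original_name(name):
    """Return the pre-encryption file name, or None if the marker is absent."""
    # Compare case-insensitively: Windows file systems ignore case.
    if name.lower().endswith(MARKER) and len(name) > len(MARKER):
        return name[: -len(MARKER)]
    return None


def inventory(root):
    """Walk root and summarise files that carry the marker extension."""
    by_type, by_dir, times, other = Counter(), Counter(), [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                other += 1
                continue
            try:
                times.append(os.stat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                continue  # unreadable or removed mid-scan; skip it
            by_type[Path(orig).suffix.lower() or "(none)"] += 1
            by_dir[dirpath] += 1
    # Assumption: mtime changed when the file was rewritten, so the
    # earliest mtime approximates when encryption began.
    window = (min(times), max(times)) if times else None
    return {"encrypted": len(times), "other": other,
            "by_type": by_type, "by_dir": by_dir, "window": window}


if __name__ == "__main__":
    report = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"renamed files: {report['encrypted']}, other files: {report['other']}")
    for ext, n in report["by_type"].most_common():
        print(f"  {ext:10} {n}")
    for d, n in report["by_dir"].most_common(10):
        print(f"  {n:6} {d}")
    if report["window"]:
        first, last = (datetime.fromtimestamp(t, timezone.utc) for t in report["window"])
        print(f"mtime window (UTC): {first:%Y-%m-%d %H:%M:%S} to {last:%Y-%m-%d %H:%M:%S}")
        print("choose a backup taken before the start of this window")
```

Run it against a copy or a read-only mount of the affected volume so the scan itself does not alter timestamps or other evidence.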

January 20, 2023