Blue Hexagon Blog

Ransomware Families – Booyah

Booyah ransomware was originally discovered in April 2016. 

It is named for its executable, Booyah.exe, which installs itself on the victim's system and uses the included DLL to encrypt files.

It is delivered through email, using malicious Microsoft Word documents with macros or PDF exploits.

(A sample ransom note)

Your ID: 758275

* * *

Hi. Your files are now encrypted. I have the key to decrypt them back.

I will give you a decrypter if you pay me. If you pay me today, the price is only 1 bitcoin.

If you pay me tomorrow, you will have to pay 2 bitcoins. If you pay me one week later the price will be 7 bitcoins and so on. So, hurry up.
