What is RansomBoggs Ransomware
Also known as Sullivan, RansomBoggs is a ransomware infection designed to encrypt data and then demand payment for decryption. Recent research showed that this virus has been used in numerous attacks on various organizations located in Ukraine. During encryption, RansomBoggs renames all targeted files with the .chsch extension. For example, a file originally titled 1.pdf will change to 1.pdf.chsch and become inaccessible. Following this, the ransomware also creates its own note (SullivanDecryptsYourFiles.txt) with decryption instructions.
Dear human life form!
This is James P. Sullivan, an employee of Monsters, Inc.
Recently our company has again expecienced great financial problems and we require some cash to move on with our electronic crap.
So we are relying on you in these hard times and are crying for help.
I am extremely sorry for the inconvenience but I am currently encrypting your documents using AES-128.
This key is encrypted using RSA public key and saved to aes.bin file:
[ C:\Users\*****\Desktop\aes.bin ]
Please, DO NOT WORRY! I have a decrypting functionality too.
Just don't delete aes.bin, please. You will need it!
You just need to contact me:
m0nsters-inc@proton.me
hxxps://t.me/m0nsters_inc
TOX 76F64AF81368A06D514A98C129F56EF09950A 8C7DF19BB1B839C996436DCD36A6F27C4DF00A6
Attackers behind RansomBoggs Ransomware impersonate James P. “Sulley” Sullivan, one of the main characters from the well-known Disney cartoon Monsters, Inc. Despite a lot of irrelevant information, the message urges victims to establish contact with the cybercriminals by e-mail, via Telegram, or over Tox messenger. After that, the cybercriminals will most likely announce the price for decryption and demand payment from victims. An interesting detail is that the cybercriminals claim their virus encrypted files using AES-128; this information is false, and it was recently found that the ransomware uses AES-256 instead.
Unfortunately, in the majority of cases, file decryption is barely possible without the involvement of the original ransomware developers. For now, there are no free, officially working third-party tools that could deliver successful decryption of .chsch files. You can try some reputable third-party decryptors from our guide; however, we are unable to promise their effectiveness with this infection specifically. Generally, ransomware that was developed without bugs and flaws encrypts data securely, and such data is hard to unlock without the developers. The only two ways victims can get their data back in full are to collaborate with the cybercriminals or to restore files from backup (i.e. copies of files stored on unplugged or online devices). Please be aware that although cybercriminals are capable of decrypting the files, many of them turn out to be scammers and do not send any decryption tools even after payment is completed.
If you decide to recover or try to decrypt your data without the help of cybercriminals, make sure you delete RansomBoggs Ransomware from your computer. This is important to prevent any further malicious activity by the virus. Follow our guide below to do this.
How RansomBoggs Ransomware infected your computer
Computer users typically get infected via e-mail spam letters, trojans, deceptive third-party downloads, fake software updates/installers, backdoors, keyloggers, botnets, system exploits, and other channels as well. As a rule, users get caught when some malicious file is opened or installed. For instance, ransomware is often disguised as a legitimate file (.DOCX, .XLSX, .PDF, .EXE, .ZIP, .RAR, or .JS extensions) in an e-mail letter that mimics the names of legitimate companies/entities (e.g., delivery companies, tax authorities, banks, and so forth). Such files may be named in a click-bait way to suggest “importance” or “urgency”, or simply to raise the user's curiosity. If the attached content is opened as the cybercriminals instruct, the contained infection will likely be installed on the targeted system. A similar infection pattern can be seen in other distribution channels as well, for instance, when users download a pirated or cracked version of software from a shady resource. While the installation of such software may look completely unsuspicious, the final result may be an inadvertent malware infection. Thus, beware of interacting with dubious download sources, torrent-sharing pages, suspicious ads, potentially malicious attachments/links, and other kinds of content. Download software only from official resources to prevent drive-by (stealth) installations of malware. Also, read our guide below to learn more about establishing protection against threats like ransomware (or other malware) in the future.
- Download RansomBoggs Ransomware Removal Tool
- Get decryption tool for .chsch files
- Recover encrypted files with Stellar Data Recovery Professional
- Restore encrypted files with Windows Previous Versions
- Restore files with Shadow Explorer
- How to protect from threats like RansomBoggs Ransomware
Download Removal Tool
To remove RansomBoggs Ransomware completely, we recommend using SpyHunter 5. It detects and removes all files, folders, and registry keys of RansomBoggs Ransomware. The trial version of SpyHunter 5 offers a virus scan and 1-time removal for FREE.
Alternative Removal Tool
To remove RansomBoggs Ransomware completely, we recommend using Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of RansomBoggs Ransomware and prevents future infections by similar viruses.
RansomBoggs Ransomware files:
SullivanDecryptsYourFiles.txt
{randomname}.exe
RansomBoggs Ransomware registry keys:
no information
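An added example (not part of the original guide or of any vendor tool): a read-only Python triage that uses the file indicators named on this page, namely the .chsch extension, the SullivanDecryptsYourFiles.txt note and the aes.bin key file, to list which files still need restoring from backup. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from this page: appended extension, ransom note name, key file name.
ENCRYPTED_EXT = ".chsch"
NOTE_NAME = "SullivanDecryptsYourFiles.txt"
KEY_FILE = "aes.bin"


def triage(root):
    """Walk `root` and collect RansomBoggs file indicators without modifying anything."""
    report = {"encrypted": [], "notes": [], "key_files": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # The original name is the current name minus the appended extension.
                original = path[: -len(ENCRYPTED_EXT)]
                report["encrypted"].append((path, original, os.path.exists(original)))
            elif lower == NOTE_NAME.lower():
                report["notes"].append(path)
            elif lower == KEY_FILE:
                report["key_files"].append(path)  # keep it: the note says it is needed
    return report


def restore_list(report):
    """Original paths with no clean copy in place, i.e. still to be restored."""
    return sorted(orig for _enc, orig, present in report["encrypted"] if not present)


def build_sample(root):
    """Constructed sample tree for the demo; file contents are placeholders."""
    for rel in ("Desktop/aes.bin", "Desktop/SullivanDecryptsYourFiles.txt",
                "Docs/1.pdf.chsch", "Docs/report.docx.chsch", "Docs/report.docx"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"placeholder")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        rep = triage(build_sample(tmp))
        print(len(rep["encrypted"]), "encrypted,", len(rep["notes"]), "note(s),",
              len(rep["key_files"]), "key file(s)")
        print("restore from backup:", [os.path.relpath(p, tmp) for p in restore_list(rep)])
```

Point `triage()` at a mounted copy of the affected volume; the restore list is the set of original paths to pull from backup or shadow copies.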
How to decrypt and restore .chsch files
Use automated decryptors
Download Kaspersky RakhniDecryptor
Use the following tool from Kaspersky, called Rakhni Decryptor, which can decrypt .chsch files. Download it here:
There is no point in paying the ransom: there is no guarantee you will receive the key, and you will put your bank credentials at risk.
Dr.Web Rescue Pack
The well-known antivirus vendor Dr. Web provides a free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in decrypting .chsch files by uploading samples to the Dr. Web Ransomware Decryption Service. The files are analyzed free of charge, and if they are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.
If you were infected with RansomBoggs Ransomware and have removed it from your computer, you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to recover your files manually, you can do the following:
Use Stellar Data Recovery Professional to restore .chsch files
- Download Stellar Data Recovery Professional.
- Click the Recover Data button.
- Select the type of files you want to restore and click the Next button.
- Choose the location you would like to restore files from and click the Scan button.
- Preview the found files, choose the ones you want to restore, and click Recover.
Using Windows Previous Versions option:
- Right-click on the infected file and choose Properties.
- Select the Previous Versions tab.
- Choose a particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- If there are no items in the list, choose an alternative method.
Using Shadow Explorer:
- Download the Shadow Explorer program.
- Run it and you will see a listing of all the drives and the dates on which shadow copies were created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- If there are no other dates in the list, choose an alternative method.
If you are using Dropbox:
- Log in to the Dropbox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect your computer from viruses like RansomBoggs Ransomware in the future
1. Get special anti-ransomware software
Use ZoneAlarm Anti-Ransomware
The well-known antivirus brand ZoneAlarm by Check Point released a comprehensive tool that provides active anti-ransomware protection as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, and file protection that detects and blocks even unknown encryptors.
2. Back up your files
As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage, can be instantly infected by the virus once plugged in or connected. RansomBoggs Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most favorable terms and a simple interface. You can read more about iDrive cloud backup and storage here.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.