What is BoY ransomware?
BoY is a harmful program classified as ransomware by security experts. That is because it encrypts the files on victims’ computers and then demands money for decryption. BoY belongs to the Xorist ransomware family, and behaves similarly to other Xorist viruses (e.g. ZeRy).
When BoY encrypts the victims’ files, it also renames them. This is done to make sure that the attack is perceived as an attack, not dismissed as a computer glitch. All encrypted files receive .BoY file extension. This is how the virus got its name; encrypted files’ extension is the best distinguishing feature of most ransomware programs.
To communicate their demands, the hackers behind the virus made BoY leave a ransom note, “HOW TO DECRYPT FILES.txt”, pictured above. Additionally, the virus creates a pop-up window, which contains the same text as the note.
The hackers demand 0.06 BTC; at the date of writing, this is equal to 1250 US dollars. Quite expensive, isn’t it? Don’t worry, though. The guide below contains several ways to remove .BoY ransomware and decrypt .BoY files, which you can use if you can’t afford the payment. That said, you’re advised not to pay the hackers even if you can afford it; after all, they might simply take your money and disappear.