
Barrax Ransomware

Posted: February 26, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 19
First Seen: February 26, 2017
OS(es) Affected: Windows


The Barrax Ransomware is a Hidden Tear-based Trojan that collects money by encoding your files and selling the decoding solution. Besides the possibility of free decryptors deciphering the Barrax Ransomware's payload, malware experts continue to regard remote backups as particularly viable defenses against this style of attack. You should use one or more anti-malware programs to detect and delete the Barrax Ransomware during any installation attempts, such as those made through e-mail attachments or scripts.

A Fresh Batch of Tears from the Web

Hidden Tear appears set to be the most popular family of file-encrypting threats in the first quarter of 2017, with more threat actors preferring it over more expensive or technically demanding alternatives. As one of the several examples of this group's persistence in February alone, the Barrax Ransomware benefits from locking its victim's files by using these digital 'hostages' for extorting money. No data is available yet concerning the Trojan's infection vectors. Malware experts often tie Trojan campaigns of this sub-type to spam e-mails sent to businesses or unprotected, RDP-enabled systems.

However it manages to install itself, the Barrax Ransomware commences its attacks by enumerating the drives on your PC, searching for files whose formats and locations match those specified by its threat actor. The Barrax Ransomware locks these files by encrypting them with an AES-based algorithm. For the sake of visual identification, it also adds the custom '.BarRax' extension after any default extension in the name.
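As an added example (not part of the original article or of any vendor tool), the following Python sketch scopes an incident by locating files that carry the '.BarRax' extension after their original name. The function names are hypothetical, and matching the extension case-insensitively is an assumption made because Windows file systems ignore case.

```python
import os
import sys
from collections import Counter
from pathlib import Path

MARKER = ".BarRax"  # extension named in the article; matched case-insensitively (assumption)


def find_marked_files(root):
    """Return sorted (marked_path, original_name) pairs for files under root
    whose name ends with the marker appended after the original name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            # Require something before the marker so a file named only ".BarRax" is skipped.
            if name.lower().endswith(MARKER.lower()) and len(name) > len(MARKER):
                hits.append((Path(dirpath) / name, name[: -len(MARKER)]))
    return sorted(hits)


def summarize(hits):
    """Count hits per original extension and per directory to show the scope."""
    by_ext = Counter(Path(orig).suffix.lower() or "(none)" for _path, orig in hits)
    by_dir = Counter(str(path.parent) for path, _orig in hits)
    return by_ext, by_dir


def restore_candidates(hits):
    """Marked files whose unmarked original already sits beside them (for
    example after a backup restore), so no decryption is needed for them."""
    return [path for path, orig in hits if (path.parent / orig).exists()]


if __name__ == "__main__":
    found = find_marked_files(sys.argv[1] if len(sys.argv) > 1 else ".")
    ext_counts, dir_counts = summarize(found)
    print(f"{len(found)} files carry the {MARKER} extension")
    for ext, count in ext_counts.most_common():
        print(f"  original type {ext}: {count}")
    for directory, count in dir_counts.most_common(10):
        print(f"  {directory}: {count}")
    print(f"{len(restore_candidates(found))} already have an unmarked copy alongside")
```

The scan only reads file names, so it can be run against a mounted copy of an affected drive without altering the files.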

Other, notable elements of the Barrax Ransomware include the establishment of a server connection for transferring pertinent data about the attack, such as the decryption info, and the promotion of a support forum in its decryptor-ransoming messages. At the time of this article's authorship, the forum appears to be down, with links redirecting the Web surfer to a cloud hosting service. The site shows no visible signs of hosting unsafe content, such as drive-by-download or scripted exploits, that could install more threats, besides the Barrax Ransomware.

Drying Your Eyes After a Little Encrypting Problem

Although con artists appreciate the baseline ease-of-use that Hidden Tear provides, this platform of Trojan development also includes certain drawbacks. Among these, the most relevant for an already-affected victim is that free decryption is often possible. Contact cyber security experts with experience in the Hidden Tear family for any additional help needed to recover your content from the Barrax Ransomware. Paying a con artist's ransom should be considered only after all other data restoration methods are fully spent.

Threat actors may try to install the Barrax Ransomware after compromising a system with weak security standards, such as open ports and insufficiently strong passwords. Other strategies may conceal Trojan installation packages, such as Zlob, within e-mail-attached archives and documents. However, more than half of most major brands of anti-malware programs currently detect this threat accurately, which would allow for deleting the Barrax Ransomware without its payload launching.

The people responsible for Trojan campaigns requiring compliance from the people they attack often develop sophisticated 'support' sub-systems to provide this persuasion. In general, the results of paying the ransom that threats like the Barrax Ransomware demand are less than optimal and come with none of the guarantees or protections that a more ordinarily legal cash transaction entails. Always consider all available choices before taking a first step towards recovering your files.
