
Barrax Ransomware

The HiddenTear open-source ransomware project continues to be one of the most popular tools in the eyes of cyber crooks who want to explore the field of crypto-threats. The latest addition to the list of ransomware based on HiddenTear/EDA2 is the Barrax Ransomware, a threat that is, thankfully, decryptable. Although the authors have not taken the time to come up with a cleverer way to encrypt the files of their victims, they have decided to take a unique approach when it comes to communicating with those victims. Instead of using an e-mail address, BitMessage ID, or another popular method of communication, they set up an online forum where victims can talk to each other and to their attackers as well. However, the authors of the Barrax Ransomware appear to have a slight problem with their budget, since they have already depleted the hardware resources provided by their forum hosting company, and their online forum is currently offline.

The extension that the Barrax Ransomware uses to mark the files it encrypts is ‘.BarRax’ (e.g. ‘leave.xlsx’ will be renamed to ‘leave.xlsx.BarRax’). We haven’t yet obtained a copy of the ransom message that the Barrax Ransomware leaves, but it is likely that the message will simply refer users to the forum that the attackers use. As you can probably guess, the purpose of the Barrax Ransomware is to convince computer users to pay money to get their data back. The good news, however, is that the Barrax Ransomware uses flawed encryption, and users can get their files back without paying any money to the attackers. In fact, there’s no need even to visit the forum seen in the ransom message, since you are not likely to find any help there!

Recovering the files locked by the Barrax Ransomware is a straightforward process, but there is one requirement – you need to obtain at least one original copy of a file that was locked by the Barrax Ransomware. HiddenTear decryptors work by comparing the structure of the encrypted file and the original file and extracting the information required to generate the decryption key. Once this is complete, the decryptor needs just a few minutes to restore the original state of all files that were harmed by the Barrax Ransomware’s attack. Victims of this threat should not forget that the recovery of their files should only be carried out after they’ve made sure that the Barrax Ransomware has been fully removed from their computers. The most convenient way to do this is to run a reputable anti-malware scanner that will detect and erase all components associated with the threatening application.
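
The pairing requirement described above can be checked before running a decryptor. The following is an added example, not code from the original post or from any decryptor: it walks a folder for ‘.BarRax’ files and looks for an untouched copy at the same relative path in a backup folder. The function names, the mirrored backup layout and the 16-byte padding check (taken from the public HiddenTear source and possibly not valid for Barrax) are assumptions.

```python
import os
import tempfile

EXT = ".BarRax"   # marker extension named in the article
BLOCK = 16        # assumption: 16-byte block padding, as in the public HiddenTear source

def padded_size(n):
    """Ciphertext length for n plaintext bytes under the padding assumption above."""
    return (n // BLOCK + 1) * BLOCK

def find_pairs(locked_root, backup_root):
    """Return (locked_path, original_path, size_consistent) for each locked file
    whose unencrypted copy exists at the same relative path under backup_root."""
    pairs = []
    for dirpath, _dirs, files in os.walk(locked_root):
        for name in files:
            if not name.lower().endswith(EXT.lower()):
                continue
            locked = os.path.join(dirpath, name)
            rel = os.path.relpath(locked, locked_root)[:-len(EXT)]
            original = os.path.join(backup_root, rel)
            if not os.path.isfile(original):
                continue
            ok = os.path.getsize(locked) == padded_size(os.path.getsize(original))
            pairs.append((locked, original, ok))
    # Size-consistent pairs first: they are the best candidates for the decryptor.
    return sorted(pairs, key=lambda p: (not p[2], p[0]))

def demo():
    """Build a constructed directory tree (no real samples) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        locked_root = os.path.join(tmp, "disk")
        backup_root = os.path.join(tmp, "backup")
        os.makedirs(os.path.join(locked_root, "docs"))
        os.makedirs(os.path.join(backup_root, "docs"))
        # Constructed sizes: (backup copy length, locked file length)
        samples = {"docs/leave.xlsx": (100, 112), "notes.txt": (32, 40)}
        for rel, (plain_len, locked_len) in samples.items():
            with open(os.path.join(backup_root, rel), "wb") as f:
                f.write(b"A" * plain_len)
            with open(os.path.join(locked_root, rel + EXT), "wb") as f:
                f.write(b"\x00" * locked_len)
        return [(os.path.relpath(l, locked_root), ok)
                for l, _o, ok in find_pairs(locked_root, backup_root)]

if __name__ == "__main__":
    for rel, ok in demo():
        print(("candidate      " if ok else "size mismatch  ") + rel)
```

A pair flagged as a size mismatch usually means the backup copy is an older revision of the file, so it should not be the one handed to the decryptor.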



This post first appeared on SpywareRemove, please read the original post: here
