Barak Ransomware

Posted: September 9, 2019

The Barak Ransomware is a file-locking Trojan from the Phobos Ransomware's family, a branch of the Crysis Ransomware. Infections encrypt your files with AES so that they no longer open, and carry out additional attacks that block your data recovery efforts. Let your anti-malware products delete the Barak Ransomware when possible and store backups on separate devices for safety.

Old Fears of Trojans are Rising Anew

A possible typo in a new Trojan may be undermining its attempt to reference a bygone political era. The next version of the Phobos Ransomware's family, the Barak Ransomware, is circulating in two variants, but neither one spells the last US president's first name correctly. Whether the missing 'C' is deliberate is questionable; what isn't in question is the Barak Ransomware's payload, which includes AES encryption and supporting features for blocking and ransoming files.

The Barak Ransomware uses the same encryption method as relatives like the Adame Ransomware, the Banta Ransomware, the 'fobosamerika@protonmail.ch' Ransomware or the 'tedmundboardus@aol.com' Ransomware. This sub-family of the Crysis Ransomware's Ransomware-as-a-Service blocks digital media on PCs, such as documents or pictures, with AES encryption. Additionally, RSA encryption keeps users from unlocking the files. Depending on its version, the Barak Ransomware may append either 'Barak' or 'barak' as a new extension, a string that malware analysts haven't seen in use previously.

While the other features of the Barak Ransomware's family are relatively traditional, they also pose significant obstacles to recovering the victim's media. Malware analysts point out, in particular, the Barak Ransomware's capacity for wiping the Shadow Volume Copies or the Restore Points, disabling system startup-related warnings, and deactivating the Windows firewall. These commands, like the rest of the Barak Ransomware's payload, show no apparent symptoms while they're running.
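Detection logic for the three tampering behaviours described above, as an added example that is not part of the original article. The page does not list the exact commands, so the patterns assume the stock Windows utilities (vssadmin, wmic, bcdedit, netsh) normally used for these actions; the sample events, host names and the `classify`/`correlate` helpers are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed patterns: the article names the behaviours, not the commands, so these
# match the stock Windows utilities normally used for each action.
RULES = [
    ("shadow_copy_deletion", r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"),
    ("shadow_copy_deletion", r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b"),
    ("startup_recovery_tampering", r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b"),
    ("startup_recovery_tampering", r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b"),
    ("firewall_disable", r"\bnetsh(\.exe)?\b.*\badvfirewall\b.*\bstate\s+off\b"),
    ("firewall_disable", r"\bnetsh(\.exe)?\b.*\bfirewall\b.*\bopmode\b.*\bdisable\b"),
]
RULES = [(name, re.compile(pat, re.I)) for name, pat in RULES]

def classify(cmdline):
    """Return the set of behaviour names whose pattern matches the command line."""
    return {name for name, pat in RULES if pat.search(cmdline)}

def correlate(events, window=300, threshold=2):
    """events: iterable of (epoch_seconds, host, cmdline) process-creation records.
    Return {host: sorted behaviours} for hosts that show at least `threshold`
    distinct behaviours inside any `window`-second span."""
    hits = defaultdict(list)
    for ts, host, cmd in events:
        for name in classify(cmd):
            hits[host].append((ts, name))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            names = {n for t, n in seen[i:] if t - start <= window}
            if len(names) >= threshold:
                alerts[host] = sorted(names)
                break
    return alerts

# Constructed sample events (not taken from a real incident).
SAMPLE = [
    (1000, "WS-01", r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"),
    (1002, "WS-01", "bcdedit /set {default} bootstatuspolicy ignoreallfailures"),
    (1003, "WS-01", "netsh advfirewall set currentprofile state off"),
    (2000, "SRV-02", "vssadmin list shadows"),  # benign inventory query
    (2100, "SRV-02", "netsh advfirewall set currentprofile state off"),
    (5000, "WS-03", "wmic shadowcopy delete"),
    (9000, "WS-03", "bcdedit /set {default} recoveryenabled no"),  # outside window
]
```

Requiring two or more distinct behaviours in a short window keeps a lone administrative firewall change or shadow-copy query from raising an alert, while the burst a file-locker runs before encrypting still does.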

Trimming Down a Sprawl of Familial Trojans

The Barak Ransomware is another case for making backups on devices other than Internet-connected personal computers. Since unlocking options for this family are not freely available, users have limited opportunities for getting their files back in any other way. Paying the ransom is a theoretical possibility that remains a high-risk tactic, since criminals could always take the money and run.

Ransomware-as-a-Service families can use widely varying infection techniques, and malware researchers have yet to determine which ones the Barak Ransomware's samples are using. Users should be especially cautious of the following security risks:

  • Unsafe login combinations can invite attackers to brute-force a target and drop file-locking Trojans, or other threats, onto the system.
  • E-mail messages may contain crafted attachments with embedded vulnerabilities, especially macro-based ones, for installing unwanted programs.
  • Torrents and third-party download websites are favored by some threat actors, who primarily use disguises associated with illegal content, like key generators.

Along with precautions specific to each of the above, Windows users should be careful about enabling Flash, JavaScript, or Java in their browsers, and install security patches as they're available. Most anti-malware programs should remove the Barak Ransomware safely but can't unlock any media.

The meaning of the Barak Ransomware's name isn't that relevant to anyone who's affected by it. A file-locker Trojan's attack is no better or worse than that of any other member of its family – a security problem that may not be curable for anyone without backups.