Barrax Ransomware
Posted: February 26, 2017
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 19 |
| First Seen: | February 26, 2017 |
|---|---|
| OS(es) Affected: | Windows |
The Barrax Ransomware is a Hidden Tear-based Trojan that collects money by encoding your files and selling the decoding solution. Besides the possibility of free decryptors deciphering the Barrax Ransomware's payload, malware experts continue deeming remote backups as particularly viable defenses against this style of attack. You should use one or more anti-malware programs to detect and delete the Barrax Ransomware during any installation attempts, such as e-mail attachments or scripts.
A Fresh Batch of Tears from the Web
Hidden Tear appears set to be the most popular family of file-encrypting threats in the first quarter of 2017, with more threat actors preferring it over more expensive or technically-demanding alternatives. As one of the several examples of this group's persistence in February, alone, the Barrax Ransomware benefits from locking its victim's files by using these digital 'hostages' for extorting money. No data is available yet concerning the Trojan's infection vectors. Malware experts often tie Trojan campaigns of this sub-type to spam e-mails sent to businesses or unprotected, RDP-enabled systems.
However it manages to install itself, the Barrax Ransomware commences its attacks by enumerating the drives on your PC, searching for files with formats and locations under the specification of its threat actor. The Barrax Ransomware uses an AES-based algorithm for locking your files through an encrypting cipher. For the sake of visual identification, it also adds the custom '.BarRax' extension after any default extension in the name.
Other, notable elements of the Barrax Ransomware include the establishment of a server connection for transferring pertinent data about the attack, such as the decryption info, and the promotion of a support forum in its decryptor-ransoming messages. At the time of this article's authorship, the forum appears to be down, with links redirecting the Web surfer to a cloud hosting service. The site shows no visible signs of hosting unsafe content, such as drive-by-download or scripted exploits, that could install more threats, besides the Barrax Ransomware.
Drying Your Eyes After a Little Encrypting Problem
Although con artists appreciate the baseline ease-of-use that Hidden Tear provides, this platform of Trojan development also includes certain drawbacks. Among these, the most relevant for an already-affected victim is that free decryption is often possible. Contact cyber security experts with experience in the Hidden Tear family for any additional help needed to recover your content from the Barrax Ransomware. Paying a con artist's ransom always should be considered after any other data restoration methods are fully spent.
Threat actors may try to install the Barrax Ransomware after compromising a system with weak security standards, such as open ports and passwords strong insufficiently. Other strategies may conceal Trojan installation packages, such as Zlob, within e-mail-attached archives and documents. However, more than half of most major brands of anti-malware programs, currently, detect this threat accurately, which would allow for deleting the Barrax Ransomware without its payload's launching.
The people responsible for Trojan campaigns requiring compliance from the people they attack often develop sophisticated 'support' sub-systems to provide this persuasion. In general, the results of paying the ransom that threats like the Barrax Ransomware demand are less than optimal and come with none of the guarantees or protections that a more ordinarily legal cash transaction entails. Always consider all available choices before taking a first step towards recovering your files.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.