The Barboza Ransomware is a file-locking Trojan that's part of a well-known family, the AES-Matrix Ransomware. Since the Barboza Ransomware can permanently stop documents and other media from opening, Windows users should have appropriate backups for protecting their files. The Barboza Ransomware has limited stealth features, and most anti-malware or PC security suites should identify and remove it correctly.
Hearing More from the Matrix of File Problems
After cutting its teeth on campaigns like the Relock Ransomware or the Kromber Ransomware, the AES-Matrix Ransomware family is back to its old habits with the latest Barboza Ransomware variant. Although there are other 2021 versions, such as the TRU8 Ransomware or the Restorfile Ransomware, the Barboza Ransomware eschews copying their 'homework' and makes a new ransom note for extorting money from Windows users.
The immediate impact of a Barboza Ransomware infection isn't very different from any of its relatives. It blocks the users' media files through encryption and gives them new extensions (in this case, a double or compound one, with an ID in one bracket set and an e-mail in a second set). It also sells an unlocking service for the affected documents, pictures, and other media – through both a wallpaper image and an RTF document.
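A triage sketch for the renaming pattern described above, added here as an example and not taken from the Barboza Ransomware or any vendor tooling. The page does not give the exact extension layout, so the accepted bracket characters, the optional separator dots, the ID character set, the threshold and all sample paths are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed layout: the file name ends with two bracketed groups, one holding
# an ID and one holding an e-mail address, in either order.
TAIL = re.compile(r"(?:\.?[\[({][^\[\](){}]+[\])}]){2}$")
GROUP = re.compile(r"[\[({]([^\[\](){}]+)[\])}]")
EMAIL = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")
ID = re.compile(r"^[A-Za-z0-9-]{4,}$")  # assumed ID alphabet and minimum length


def parse_marker(filename):
    """Return (victim_id, email) if the name ends with the compound marker."""
    tail = TAIL.search(filename)
    if not tail:
        return None
    first, second = GROUP.findall(tail.group(0))
    for ident, mail in ((first, second), (second, first)):
        if ID.match(ident) and EMAIL.match(mail):
            return ident, mail
    return None


def flag_directories(paths, threshold=3):
    """Map each directory with >= threshold marked files to its distinct markers."""
    hits = defaultdict(list)
    for raw in paths:
        path = PureWindowsPath(raw)
        marker = parse_marker(path.name)
        if marker:
            hits[str(path.parent)].append(marker)
    return {d: sorted(set(m)) for d, m in hits.items() if len(m) >= threshold}


# Constructed sample listing; the ID and address are placeholders.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.[A1B2C3D4].[contact@example.com]",
    r"C:\Users\alice\Documents\plan.docx.[A1B2C3D4].[contact@example.com]",
    r"C:\Users\alice\Documents\photo.jpg.[A1B2C3D4].[contact@example.com]",
    r"C:\Users\alice\Music\song [2021] [live].mp3",   # brackets, but not at the end
    r"C:\Users\alice\Notes\todo [draft][v2]",         # two groups, no e-mail
]

if __name__ == "__main__":
    for directory, markers in flag_directories(SAMPLE).items():
        print(directory, markers)
```

Feeding it a file listing from a share or endpoint points to the directories where many files carry the same ID and address, which helps scope which backups need restoring.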
Although the Barboza Ransomware doesn't include threats of leaking data to the public, it raises the ransom for recovering any files every twelve hours. Users should reconsider before paying; many threat actors provide buggy decryption services or ignore communications after getting their money. As in most cases, their victims can keep file-locker Trojans like the Barboza Ransomware from causing harm by having backups on other systems. Most Trojans of this class will delete local backups, although confirmation has yet to come in for this variant.
Cutting Off a Trojan Family's 'Customers'
Besides the generally wise precaution of a backup, Windows users have many ways to keep their work safe from the Barboza Ransomware and its family. Network administrators should pay close attention to passwords, software updates and RDP settings. If ignored, any of these areas can become a vulnerability that attackers use when searching for poorly secured servers susceptible to remote attacks.
Workers should also be careful before opening e-mail attachments or downloads sent through social messaging, which can harbor hidden threats. Many threat actors will disguise their attacks as invoices or other documentation specific to the industry or company in question. Macros are another notable weak point and are worth leaving off in most cases.
Although home users are less at risk from most AES-Matrix Ransomware campaigns, they aren't immune to data encryption attacks. Users should avoid illegal and unofficial download resources and protect their PCs with dedicated anti-malware tools for automatically removing the Barboza Ransomware.
The Barboza Ransomware may use more than one way of getting into victims' computers. Whatever tactics its threat actors pull, users who don't have a backup at the ready are almost certain to regret the lack of one.