The Barrax Ransomware is one of the many variants of HiddenTear, an open source ransomware engine that was publicly released in 2015 for 'educational purposes.' Unfortunately, since its release, HiddenTear has spawned countless threats based on its code. The Barrax Ransomware is just one of the many ransomware Trojans that have been released since August 2015, when HiddenTear first made its appearance. The Barrax Ransomware was first released in February 2017 and is likely to be distributed using corrupted email attachments, as well as by bundling it with free software and media distributed online or through file sharing websites and networks. Once the Barrax Ransomware infects a computer, it makes the victim's files completely inaccessible in order to demand the payment of a ransom. This is what makes the Barrax Ransomware and other ransomware Trojans so threatening. Even if the Barrax Ransomware infection itself is removed with the help of a reliable security application, the compromised files will remain inaccessible.
The Barrax Ransomware can Execute Differentiated Attacks
The Barrax Ransomware is mainly designed to infect computers running a 32-bit version of the Windows operating system. However, the Barrax Ransomware can also run on 64-bit versions of Windows. The Barrax Ransomware is contained in a very small file, and its attack uses a combination of AES-256 and RSA-2048 encryption to make its victims' files completely inaccessible. The Barrax Ransomware's executable file has been identified as 'BarraxCrpt.exe,' although some versions may even skip re-branding the original HiddenTear source and use a file named 'hidden-tear.exe' to carry out the encryption attack. The Barrax Ransomware can be customized to carry out different attacks, targeting different file types or displaying a different ransom message in each attack. In the case of the most common version of the Barrax Ransomware being distributed, the following file types will be targeted during the attack:
.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.
How the Barrax Ransomware Carries out Its Attack
The Barrax Ransomware will search for the file types listed above on the victim's computer, which will often compromise numerous files that have value to the affected computer user. These files are then encrypted using the Barrax Ransomware's strong encryption method. The extension '.BarRax' is added to the end of each infected file's name, which clearly identifies each file compromised in the attack. Once a file has been encrypted by the Barrax Ransomware, its contents become completely inaccessible. The Barrax Ransomware takes those files hostage, holding on to the decryption key that is needed to decipher the affected files. After encrypting the victim's data, the Barrax Ransomware displays a ransom note asking for money, generally an amount between 0.5 and 1 Bitcoin, which is approximately $600 to $1300 USD at the current exchange rate.
Dealing with a Barrax Ransomware Infection
Unfortunately, once the files have been compromised by a threat like the Barrax Ransomware, they may not be recoverable without the decryption key. However, computer users should refrain from paying the Barrax Ransomware ransom since this allows the creators of the Barrax Ransomware to continue creating threats and claiming new victims. It is mandatory for computer users to establish protective measures on their computers to limit the damage from a Barrax Ransomware attack. These measures include having backups of all files on an offline memory device and a reliable security program installed.
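A read-only triage sketch for scoping the damage described above, added here as an example and not taken from the original article or any vendor tool: it walks a directory tree, lists files carrying the '.BarRax' extension, recovers their original names to size the restore from backup, and flags the two executable names the article mentions. Case-insensitive matching and the names `triage` and `demo` are assumptions; the sample tree is constructed.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article text (matched case-insensitively: assumption).
MARKER_EXT = ".barrax"                       # appended extension '.BarRax'
DROPPER_NAMES = {"barraxcrpt.exe", "hidden-tear.exe"}


def triage(root):
    """Walk root and return (encrypted, droppers, by_type).

    encrypted: list of (path, original_name) for files carrying the marker
    droppers:  paths whose file name matches a known executable name
    by_type:   Counter of original extensions, to size the restore job
    """
    encrypted, droppers, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower in DROPPER_NAMES:
                droppers.append(path)
            elif lower.endswith(MARKER_EXT) and len(name) > len(MARKER_EXT):
                original = name[: -len(MARKER_EXT)]   # name before the marker
                ext = os.path.splitext(original)[1].lower() or "(none)"
                encrypted.append((path, original))
                by_type[ext] += 1
    return sorted(encrypted), sorted(droppers), by_type


def demo():
    """Build a constructed sample tree and run the triage over it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Docs", "Old"))
        for rel in ("Docs/report.docx.BarRax", "Docs/Old/scan.PDF.barrax",
                    "Docs/notes.txt", "Docs/photo.jpg.BarRax",
                    "BarraxCrpt.exe"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        enc, drop, by_type = triage(root)
        return ([orig for _p, orig in enc],
                [os.path.basename(p) for p in drop], dict(by_type))


if __name__ == "__main__":
    originals, droppers, by_type = demo()
    print("encrypted originals:", originals)
    print("suspect executables:", droppers)
    print("by original type:", by_type)
```

The recovered original names can be compared against the offline backup inventory to confirm which files need restoring.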