The Barboza virus belongs to the Matrix ransomware type infection. This ransomware encrypts all user’s data on the PC (photos, documents, excel tables, music, videos, etc), adds its specific extension to every file, and creates the !_!WHERE-IS-MY-FILES!_!.rtf files in every folder which contains encrypted files.
Barboza Virus
☝️ Barboza can be correctly identify as a ransomware-type infection.
After the encryption process files will be renamed according to the pattern [[email protected]], which is laid in ransomware. Your photo, named an example “me.jpg” will be altered to “me.jpg.[8hX9i78d923].[[email protected]]” after the encryption.
!_!WHERE-IS-MY-FILES!_!.rtf file, which can be found in every folder that contains the encrypted files, is a ransom money note. Inside of it, you can find information about ways of contacting Barboza ransomware developers, and some other info. Inside of the ransom note, there is usually an instruction saying about purchasing the decryption tool. This decryption tool is created by ransomware developers.
Wаrning! Аll yоur filеs wеrе еnсryрtеd with strоng сrуptо аlgоrithm. It mеаns thаt yоu will nоt bе аblе tо аccеss thеm аnуmоrе until thеу аrе dесrуptеd with yоur pеrsоnаl dесrуptiоn kеy! Withоut уоur pеrsоnаl kеy аnd sреciаl sоftwаrе dаtа rеcоvеrу is impоssiblе! If yоu will fоllоw оur instruсtiоns, wе guаrаntее thаt yоu cаn dесryрt аll yоur filеs quiсkly аnd sаfеly! If yоu wаnt tо rеstоrе yоur filеs, plеаsе writе us tо thе е-mаil: [email protected] In subjеct linе оf mеssаgе writе yоur pеrsоnаl ID: - Tо cоnfirm thаt wе cаn dесryрt yоur filеs yоu cаn sеnd us up tо 3 filеs fоr frее dесrурtiоn. Plеаsе nоte thаt filеs fоr frее dесrурtiоn must NОT cоntаin аnу vаluаblе infоrmаtiоn аnd thеir tоtаl sizе must bе lеss thаn 5Mb. Yоu hаvе tо rеspоnd аs sооn аs pоssiblе tо еnsurе thе rеstрrаtiоn оf yоur filеs, bеcаusе wе wоnt kееp yоur dеcrуptiоn kеys аt оur sеrvеr mоre thаn оne wееk in intеrеst оf оur sеcuritу. Аnd hurrу uр! Еасh 12 hоurs thе pауmеnt sizе will bе аutоmаticаllу inсrеаsеd! Nоtе thаt аll thе аttеmpts оf dесryptiоn by yоursеlf оr using third pаrty tооls will rеsult оnly in irrеvосаble lоss оf yоur dаtа. If yоu did nоt rеcеivе thе аnswеr frоm thе аfоrеcitеd еmаil fоr mоrе then 24 hours, usе thе rеsеrvе е-mаil аddrеss: [email protected]
Here is a summary for the Barboza:
| Name | Barboza Virus |
| Extension | .[[email protected]] |
| Ransomware note | !_!WHERE-IS-MY-FILES!_!.rtf |
| Detection | PWS:Win32/Zbot!CIB, Ransom.Mock, Win32/GameHack.DTR potentially unsafe |
| Symptoms | Your files (photos, videos, documents) have a .[[email protected]] extension and you can’t open it. |
| Fix Tool | See If Your System Has Been Affected by Barboza virus |
The image below gives a clear vision of how the files with “.[[email protected]]” extension look like:
![Barboza Virus - encrypted .[barboza40@yahoo.com] files](https://howtofix.guide/wp-content/uploads/2021/03/Barboza-files-virus.jpg)
Example of encrypted .[[email protected]] files
How did I get Barboza ransomware on my computer?
That was a huge number of different ways of ransomware injection.
However, nowadays there are only two ways of Barboza injection – email spam and trojans. You may see a lot of messages on your email, stating that you need to pay different bills or to get your parcel from the local FedEx department. But all such messages are sent from unknown email addresses, not from familiar official emails of these companies. All such letters contain the attached file, which is used as a ransomware carrier. If you open this file – your system will get infected by Barboza.
In case of trojans presence, you will be offered to download and install ransomware on your PC under the guise of something legit, like a Chrome update, or update for the software you are storing on your computer. Sometimes, trojan viruses can be masked as legit programs, and ransomware will be offered for download as an important update, or a big pack of extensions which are essential for proper program functioning.
There is also the third way of ransomware injection, however, it becomes less and less popular day-to-day. I am talking about peering networks, such as torrents or eMule. No one can control which files are packed in the seeding, so you can discover a huge pack of different malware after downloading. If circumstances force you to download something from peering networks – scan every downloaded folder or archive with antivirus software.
How to remove Barboza virus?
In addition to encode a victim’s files, the Barboza infection has also started to install the Azorult Spyware on computer to steal account credentials, cryptocurrency wallets, desktop files, and more.
To ensure the user that ransomware distributors really have the decryption tool, they may offer to decrypt several encrypted files. And they are the single owners of this decryption program: Barboza ransomware is a completely new type, so there is no legit program from anti-malware vendors, which can decrypt your files. But such a situation is in momentum: decryption tools are updating every month.
However, paying the ransom is a bad decision, too. There is no guarantee that Barboza ransomware developers will send you the decryption tool and a proper decryption key. And there are a lot of cases when ransomware distributors deceived their victims, sending the wrong key or even nothing. In the majority of cases, there is a way to recover your files for free. Search for available backups, and restore your system using it. Of course, there is a chance that the backup you found is too old, and does not contain a lot of files you need. But, at least you will be sure that there is no malware in your system. However, to ensure that there are no malicious programs in your system after the backup, you need to scan your PC with anti-malware software.
Barboza ransomware is not unique. There are more ransomware of this type: Lockfiles, Nz, Crapsomware. These examples of ransomware act in a similar way: encrypting your files, adding a specific extension, and leaving a great number of ransom money notes in every folder. But there are two things which make difference between these ransomware – cryptography algorithm, which is used for file encryption, and ransom amount . In some cases, victims are able to decrypt their files without any payments, just using free solutions produced by several anti-malware vendors, or even with the decryption tool which is offered by ransomware creators. The last scenario is possible when ransomware distributors have typed your decryption key inside of a ransom money note. However, as you can already guess, such luck is a very rare thing. Ransomware is created for money gaining, not for jokes or scaring.
Reasons why I would recommend GridinSoft1
Download Removal Tool.
Run the setup file.
Press “Install” button.
Once installed, Anti-Malware will automatically run.
Wait for the Anti-Malware scan to complete.
Click on “Clean Now”.
Frequently Asked Questions
How сan I avoid ransomware attack?
Barboza ransomware doesn’t have a superpower.
You can easily protect yourself from its injection in several easy steps :
- Ignore all emails from unknown mailboxes with a strange unknown address, or with content that has likely no connection to something you are waiting for (can you win in a lottery without taking part in it?). If the email subject is likely something you are waiting for, check carefully all elements of the suspicious letter. A fake email will surely contain a mistake.
- Do not use cracked or untrusted programs. Trojans are often distributed as a part of cracked software, possibly under the guise of “patch” which prevents the license check. But untrusted programs are very hard to distinguish from trustworthy software, because trojans may also have the functionality you need. You can try to find information about this program on the anti-malware forums, but the best solution is not to use such programs.
Leave a Comment