BARRACUDA ransomware is the latest offering from the Scarab cryptovirological family. Security researchers discovered this strain in its fully developed phase, i.e. it can encrypt every file stored on the affected device. Locked files are appended with the extension ‘BARRACUDA’.
The ransom note left by the operators on the affected device does not mention the amount of extortion money. However, it asks victims to create a Bitcoin wallet, which implies that the operators want to collect the ransom in Bitcoin, like other ransomware operators.
Rookie ransomware operators often fail to develop the decryption key for the encryption module used in the cryptovirological code. Therefore, they offer decryption of one locked file as proof that they have the complete decrypter for the ransomware.
BARRACUDA operators are using spam email campaigns to deliver the ransomware payload. This shows that an organized cybercrime group is behind the development of this ransomware since spam email campaigns are usually carried out through botnets, which are at the disposal of skilled cybercriminals only.
BARRACUDA Remains Invisible
The BARRACUDA ransomware strain infiltrates the Windows registry to achieve invisibility. This means users only learn of the ransomware's presence on their devices after encryption has already locked their files. Researchers have also noted that the BARRACUDA strain completes all of its backend operations before starting the encryption process.
All of these behaviors make this ransomware's activity more deadly. For that reason, most security tools remain ineffective at detecting and preventing it. Only professional ransomware removal measures can help disinfect the infected device and regain control of it. Besides that, data backups will also come in handy in the aftermath of BARRACUDA ransomware activity.
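The article gives one concrete indicator, the appended ‘BARRACUDA’ extension, and notes that victims usually notice only once files are already locked. As an added example (not from the original article or any vendor tool), the following Python code flags a burst of renames to that extension in file-rename events; the log format, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

MARKER = ".barracuda"           # appended extension named in the article; compared case-insensitively
WINDOW = timedelta(seconds=10)  # assumed tuning value
THRESHOLD = 3                   # assumed tuning value

# Constructed sample events: "<ISO time> <host> <old path> <new path>" (hypothetical log format).
SAMPLE_EVENTS = r"""
2024-01-01T10:00:01 ws01 C:\Users\a\report.docx C:\Users\a\report.docx.BARRACUDA
2024-01-01T10:00:02 ws01 C:\Users\a\budget.xlsx C:\Users\a\budget.xlsx.BARRACUDA
2024-01-01T10:00:03 ws01 C:\Users\a\draft.txt C:\Users\a\final.txt
2024-01-01T10:00:04 ws01 C:\Users\a\photo.jpg C:\Users\a\photo.jpg.BARRACUDA
2024-01-01T10:00:05 ws02 C:\Data\notes.txt C:\Data\notes.txt.BARRACUDA
2024-01-01T10:01:05 ws02 C:\Data\plan.pdf C:\Data\plan.pdf.BARRACUDA
malformed line
"""

def parse_events(text):
    """Yield (timestamp, host, old_path, new_path); skip lines that do not have four fields."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]

def is_marked_rename(old, new):
    """True when a rename newly adds the marker extension to a file name."""
    return (PureWindowsPath(new).suffix.lower() == MARKER
            and PureWindowsPath(old).suffix.lower() != MARKER)

def detect_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return {host: time the threshold was first reached within the sliding window}."""
    recent, alerts = {}, {}
    for ts, host, old, new in sorted(events):
        if not is_marked_rename(old, new):
            continue
        q = recent.setdefault(host, deque())
        q.append(ts)
        while ts - q[0] > window:   # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in detect_bursts(parse_events(SAMPLE_EVENTS)).items():
        print(f"ALERT {host}: {THRESHOLD}+ files renamed to *{MARKER} by {when.isoformat()}")
```

An alert of this kind is a cue to isolate the host and start restoring from backups, since the renames mean encryption is already under way.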