Ballacks ransomware (virus) - Free Guide

What is Ballacks ransomware?

Ballacks ransomware is a VoidCrypt variant that locks personal files and asks for a payment

Ballacks ransomware is a malicious program that infects users' machines and locks all files on them

Many individuals have extensive collections of personal files on their laptops – photos, videos, home projects, and confidential documents – yet few believe they could ever lose access to them. Unfortunately, this happens when Ballacks ransomware – VoidCrypt variant – infiltrates a Windows computer and encrypts^[1] all the personal files situated there.

Typically, ransomware enters users' machines using some form of phishing, for example, spam emails that include malware-laced macros^[2] are one of the most common ways of being infected. Alternatively, some cybercriminals rely on more advanced methods, such as those exploiting software vulnerabilities on users' computers. In short, people don't install the virus on purpose.

Once on the system, the Ballacks virus would search for data to encrypt and would append the .ballacks extension to each of them immediately (user ID and email are also used – they are attached before the extension). Suchlike data would also lose the regular logos, making it immediately noticed that something's wrong.

Without being able to open files, users are often lost as to what to do next, and some answers are provided in the ReadthisforDecode.txt ransom note. We recommend not interacting with attackers and solving the problems in alternative ways, which we describe below.

About the VoidCrypt strain

Ballacks ransomware is one of the numerous variants of VoidCrypt, which is generally an established malware family operational since at least early-mid 2020. In these few years of its operation, crooks behind it had released dozens of variants we have previously talked about – HIP1, Angry, and 1more are just a few examples of such.

While the likes of other prominent ransomware families, such as Djvu, which consistently releases variants almost identical to one another (the extension differs), VoidCrypt authors take a little different approach, even though similarities are visible.

For example, all versions employ a similar pattern when using file appendixes (ID, email, and extension), although ransom notes themselves seem to be written individually for each variant – they also name the notes differently almost every time. While malware initially used AES and RSA encryption algorithms to lock data, this may vary with the newer versions.

Ballacks ransomware is a variant of VoidCrypt malware

How to tackle Ballacks virus infection correctly

Unfortunately, most people who get infected with ransomware are first-timers, which often means that they know little about the infection or how to handle it. Indeed, it is important to perform the steps in the correct order to avoid further damage to the encrypted files of the OS.

1. Remove malware after disconnecting the internet

When dealing with ransomware, the first thing to do is get it off of your computer. Because malware might be exchanging information with attackers over the internet, you should turn off your WiFi or Ethernet connection right away. You may then try downloading Malwarebytes or SpyHunter 5Combo Cleaner antivirus software and cleaning your PC completely to remove the infection at once.

It is important to note that in some cases, malware may interfere with the operation of security software to prevent victims from removing it. Most commonly, this is done in order to continue encrypting files or running other malware in the background. If that is the case for you, you can access Safe Mode and remove Ballacks ransomware from there:

Windows 7 / Vista / XP

1. Click Start > Shutdown > Restart > OK.
2. When your computer becomes active, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
3. Select Safe Mode with Networking from the list.

Windows 10 / Windows 8

1. Right-click on the Start button and select Settings.
   
2. Scroll down to pick Update & Security.
3. On the left side of the window, pick Recovery.
4. Now scroll down to find the Advanced Startup section.
5. Click Restart now.
6. Select Troubleshoot.
7. Go to Advanced options.
8. Select Startup Settings.
9. Click Restart.
10. Press 5 or click 5) Enable Safe Mode with Networking.

2. Attempt the file recovery

Encryption makes files unreadable without a key, which is often stored on a server operated by hackers. They can then use the user ID to figure out which key decrypts which victim's files. Each of the keys assigned to victims is different, hence it is not a password-for-all type of situation.

Data encryption and virus infection are two separate events, both of which should be addressed as distinct circumstances. This indicates that by scanning your computer with antivirus software, you will remove all dangerous files that would otherwise continue to operate and encrypt all incoming documents, for example. What this would not accomplish is restoring files, and they would remain locked. This is one of the most dangerous traits of ransomware.

While it is true that cybercriminals are likely to hold the key to Ballacks ransomware-encrypted files, it is never worth the risk of paying – you may lose your money along with files. Thus, we recommend going the alternative route, even though it may not be successful every time.

If you have data backups, you can restore your files as soon as you remove malware from your device. However, if you don't have them, you should first make copies of encrypted files first before proceeding with the following steps, or you may corrupt data beyond repair. Once done, you can start with data recovery software as such:

• Download Data Recovery Pro.
• Double-click the installer to launch it.
  
• Follow on-screen instructions to install the software.
• As soon as you press Finish, you can use the app.
• Select Everything or pick individual folders where you want the files to be recovered from.
• Press Next.
• At the bottom, enable Deep scan and pick which Disks you want to be scanned.
• Press Scan and wait till it is complete.
• You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
• Press Recover to retrieve your files.

Because of the work of security researchers, decryption tools for certain ransomware strains may also be developed. In some circumstances, competent authorities obtain the servers of criminal organizations and release their keys to the public – which is generally performed by reliable security companies. Here are a few links to get you started:

• No More Ransom Project
• Free Ransomware Decryptors by Kaspersky
• Free Ransomware Decryption Tools from Emsisoft
• Avast decryptors

Malware might be able to do a lot of harm to Windows systems, requiring a complete reinstallation in some situations. An infection, for example, may modify the Windows registry database, damage bootup files and other sections, remove or corrupt DLL^[3] files, and so on. Antivirus programs can't restore damaged files; instead, specialized software should be utilized – FortectIntego is one of the best options available.