Balbaz Ransomware

What is Balbaz Ransomware?

Balbaz Ransomware is a newly released ransomware-type computer infection that encrypts your files and then demands a ransom to decrypt them. An anti-malware program is therefore a must, either to remove it as soon as it infects your PC or to keep it from getting onto the PC in the first place. Without such a program, your files can be encrypted with the Advanced Encryption Standard (AES), which turns them into useless piles of bytes. Protecting your PC from malware such as this is vital because it can render your valuable files useless, and there is no telling whether its developers will send you the decryption tool even after you have paid.

Where does Balbaz Ransomware come from?

Our cyber security experts have determined that this ransomware is disseminated using email spam. They say that it is based on the Hidden-Tear project, much like Matroska Ransomware, Oxar Ransomware, and Unikey Ransomware. Therefore, like the other ransomware mentioned here, Balbaz Ransomware should be distributed via email. Its developers have probably set up a dedicated email server that sends fake emails to a list of obtained email addresses. The emails can pose as invoices or receipts from well-known companies, or even as tax return forms. They should carry the ransomware as an attached file that can be disguised as a PDF or MS Word (.doc, .docx) document. If you open that file, or download and then open it, your PC will become infected with Balbaz Ransomware, and you will have a big problem on your hands.

What does Balbaz Ransomware do?

As mentioned in the introduction, this ransomware was designed to encrypt your files with the Advanced Encryption Standard (AES), which ensures strong encryption. As far as we know, there is no free decryption tool available for this particular ransomware. Our researchers say that it can encrypt many file formats, with a focus on file types that hold images/pictures, videos, documents, audio files, and so on, in order to encrypt as much personal and valuable information as possible. This ransomware adds a second .WAmarlocked extension to the end of each encrypted file. The extension serves as a file marker. Once the encryption is complete, this ransomware is set to drop a ransom note named "READ_IT.txt". This file contains information on how to pay the ransom. There are two versions of this ransomware, and they drop slightly different ransom notes. The most commonly dropped ransom note reads as follows:

This computer has been hacked

Your personal files have been ecrypted. Send me BTC or food to get decryption passcode.

After that, you'll be able to see your beloved files again.

With love... Balbaz Project :')

An alternative version of the ransom note says “Hidden Tear Project” instead of “Balbaz Project.” The note contains links to websites you are instructed to visit to pay the ransom. The sum to be paid is not specified, and the note states that you will receive the decryption key after the payment is sent. However, we want to draw your attention to the possibility that this ransomware’s developers might not keep their word and send you the decryption key. Also, if you do not have important files on your PC, then paying a substantial sum of money for insignificant files is just a waste of money.

How do I remove Balbaz Ransomware?

Without a doubt, Balbaz Ransomware is a dangerous computer infection that can enter your PC if it is unprotected. It targets many files and encrypts them, so your most valuable files are vulnerable to this ransomware. If your PC becomes infected and the ransomware encrypts your files, you should know that there is no guarantee that its developers will keep their word and send you the decryption key. Therefore, we recommend that you remove Balbaz Ransomware from your PC. You can use an anti-malware program such as SpyHunter, but you can also delete the malicious files manually by following the guide below.

Manual Removal Guide

  1. Press Windows+E keys.
  2. Type %HOMEDRIVE%\user\Rand123 or %HOMEDRIVE%\user in the address bar.
  3. Hit Enter.
  4. Locate a file named local.exe, ransom.png$ or ransom.jpg$.
  5. Right-click it and click Delete.
  6. Close the File Explorer window.
  7. Press Windows+R keys.
  8. Type regedit in the box and hit Enter.
  9. Navigate to HKCU\Control Panel\Desktop
  10. Find the Wallpaper subkey.
  11. Right-click it and click Modify.
  12. Erase C:\\user\\ransom.jpg from the value data line.
  13. Close the Registry Editor.
  14. Right-click the Recycle Bin and click Empty the Recycle Bin.
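
The indicators named in this article (the .WAmarlocked marker extension, the READ_IT.txt note, the dropped files from step 4 and the wallpaper value from step 12) can be checked in one pass. The following Python script is an added example, not part of the original guide or of any vendor tool; the function names and the sample file names are constructed for illustration.

```python
import ntpath
import os
import tempfile

# Indicators taken from the article; comparisons are case-insensitive
# because Windows file names are.
MARKER_EXT = ".wamarlocked"
RANSOM_NOTE = "read_it.txt"
DROPPED = {"local.exe", "ransom.png$", "ransom.jpg$"}


def scan(root):
    """Walk root and sort matching paths into three indicator buckets."""
    report = {"encrypted": [], "notes": [], "dropped": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()
            path = os.path.join(folder, name)
            if low.endswith(MARKER_EXT):
                report["encrypted"].append(path)
            elif low == RANSOM_NOTE:
                report["notes"].append(path)
            elif low in DROPPED:
                report["dropped"].append(path)
    return report


def original_name(path):
    """Name the file had before the marker extension was appended."""
    return path[: -len(MARKER_EXT)] if path.lower().endswith(MARKER_EXT) else path


def wallpaper_hijacked(value):
    """True if a Wallpaper registry value points at the ransom image."""
    return ntpath.basename(value).lower() == "ransom.jpg"


def build_sample_tree(root):
    """Constructed sample data: empty files that only carry the names."""
    names = ["photo.jpg.WAmarlocked", "notes.docx", "READ_IT.txt", "local.exe"]
    for name in names:
        open(os.path.join(root, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for bucket, paths in scan(tmp).items():
            print(bucket, [os.path.basename(p) for p in paths])
```

Point `scan()` at a user profile or a mounted backup to list what was touched; it only reads directory listings and changes nothing on disk.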
