Bart Ransomware

Posted: June 27, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 61
First Seen: June 27, 2016
OS(es) Affected: Windows

The Bart Ransomware is a data encryption Trojan whose purpose is to encode your work-related data and then drop a ransom message on your computer. Symptoms of this infection may include the presence of these ransom notes, changes to your desktop's background, and the replacement of your files with password-protected ZIP archives. The Bart Ransomware is distributed through general-purpose Trojan downloaders capable of installing other threats, which is one reason why malware experts recommend the use of general anti-malware solutions for removing the Bart Ransomware.

The Young, Rebel Trojan with a Cause

What lies inside a Trojan may be strikingly dissimilar to its external appearance and symptoms, as the Bart Ransomware campaign shows. Although this Trojan shares many characteristics with a major variant of the '.locky File Extension' Ransomware, its code is almost entirely different, and its encryption technique is similarly divergent. However, its ransom payment and delivery strategies are sufficiently similar to those of the '.locky File Extension' Ransomware that current estimates are that the same group of con artists is responsible for both campaigns.

The Bart Ransomware delivers itself to vulnerable systems through a Trojan downloader, RockLoader, which disguises itself as a safe e-mail attachment. Opening the archive (named to look like a bundle of image files) launches RockLoader's JavaScript-based attack, which installs the Bart Ransomware. Malware experts saw variants of the Bart Ransomware's deployment parameters for multiple languages, although, so far, only American PC systems have been subject to significant attacks. Russian and Russia-neighboring regions also appear to be explicitly excluded.

The Bart Ransomware's encryption payload targets data types such as AVI, DOC, PPT, TXT and XLS. Instead of encoding the files and then adding an arbitrary extension to each one, the Bart Ransomware compresses each one into a separate ZIP archive with password protection. This relatively comprehensible form of data blockade concludes with a ransom note and background swap, both of which ask for a 3 Bitcoin payment (roughly two thousand USD) for recovering the compressed data.
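
As an added example (not part of the original article), the following Python triage script looks for the artifact described above: ZIP archives that hold exactly one password-protected file of a targeted type. The function names are hypothetical, the extension list covers only the types the article names, and the sample archives are constructed with a patched 'encrypted' flag.

```python
import io
import struct
import zipfile
from pathlib import Path

# Only the data types the article names; its list is not exhaustive.
TARGET_EXTS = {".avi", ".doc", ".ppt", ".txt", ".xls"}
ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags: entry is encrypted


def is_suspect_archive(source) -> bool:
    """True for a ZIP holding exactly one password-protected member whose
    extension is a targeted data type. `source` is a path or file object."""
    try:
        with zipfile.ZipFile(source) as zf:
            members = zf.infolist()  # reads metadata only, no password needed
    except (zipfile.BadZipFile, OSError):
        return False  # not a ZIP, or unreadable
    if len(members) != 1:
        return False
    member = members[0]
    encrypted = bool(member.flag_bits & ENCRYPTED_FLAG)
    return encrypted and Path(member.filename).suffix.lower() in TARGET_EXTS


def scan_tree(root) -> list:
    """Return every suspect archive under `root`, whatever its file name."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and is_suspect_archive(p))


def build_sample(member_name: str, encrypted: bool) -> bytes:
    """Constructed test input: a one-member ZIP whose 'encrypted' flag is set
    by patching the headers (the payload itself is not really encrypted)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed sample data")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Central directory offset sits 6 bytes before the end of the archive.
        (cd_off,) = struct.unpack_from("<I", raw, len(raw) - 6)
        raw[6] |= ENCRYPTED_FLAG           # flags field of the local header
        raw[cd_off + 8] |= ENCRYPTED_FLAG  # flags field of the central directory
    return bytes(raw)


if __name__ == "__main__":
    print(is_suspect_archive(io.BytesIO(build_sample("report.doc", True))))
```

A single match can be a legitimate password-protected archive; many matches spread across document folders are the signal worth investigating.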

Sending the Latest File Encryptor to Sit in the Corner

The '.locky File Extension' Ransomware and the Bart Ransomware share a great deal of their ransom payment-processing components with each other. However, the Bart Ransomware has crucial differences from the older Trojan, including being able to act without passing information to an external C&C server. Additionally, the Bart Ransomware may not be the only threat deposited on a compromised system; RockLoader is also known for distributing other threats, and its authors are also responsible for the Dridex banking spyware.

Paying a con artist to restore your data may not always have the intended consequences. Although the Bart Ransomware's authors are unlikely to commit amateur coding mistakes that would make decryption impossible from their end, they also have no motivation for providing services after receiving payment. As always, keeping regular backups that do not reside on a local drive is the simplest strategy for overwriting data impacted by hostile file encoding.

Malware experts can only date the Bart Ransomware's campaign as far back as late June. The potential development of free software solutions to the Bart Ransomware is ongoing, but until then, protecting your PC from the Bart Ransomware's attacks will offer the best defense for your data. In cases of suspected attacks, such as contact with a compromised e-mail attachment, scan the system immediately with all applicable anti-malware tools to remove the Bart Ransomware, even though doing so will not necessarily restore any content.