Clik here to view.
Security firm Bitdefender has released a free tool to help Windows users who have been hit by the Bart ransomware.
The Bart Ransomware Decryption Tool has been created in co-operation with Europol and the Romanian police, who are supporting the “No More Ransom” initiative started by Europol’s European Cyber Crime Centre.
The Bart ransomware was discovered by security researchers in July 2016 when they found spam with the subject line “Photos”, having an attached zip file that contained malicious JavaScript.
The ransomware encrypts files on machines without an Internet connection and prompts victims to pay US$2000 to get their files decrypted.
{loadposition sam08}Bitdefender said in a statement that the Bart Ransomware Decryption tool could decrypt files with the “.bart.zip”, “.bart” and “.perl” extensions. It can also be downloaded from the “No More Ransomware” website from 4 April.
Any user who tries to use the attackers' decryption process requires an Internet connection to access the command and control server, to transfer bitcoins and receive the decryption key.
Bart works as under:
- Deletes system restore points;
- Generates a seed to create an encryption key using information from the victim’s machine;
- Enumerates files and encrypts them with the generated key;
- Uses a master key to encrypt the key used to encrypt the files (this becomes the victim’s unique id - UID); and
- Displays ransom note and redirects to a .onion website (the URL contains the victim’s UID).
In the US, the FBI has urged people and businesses hit by ransomware not to yield to the attackers' demands, and to report the incident to federal authorities.
A Bitdefender survey said that with nearly 50% of victims forking out sums ranging from US$300 to US$500, ransomware-on-demand or ransomware-as-a-service had proliferated considerably.
