The first decryption tool for Bart ransomware is here

Apr 4, 2017 21:31 GMT

The rise of ransomware means that lots of people end up losing either their files or their money to attackers. Well, those affected by the Bart ransomware no longer have to worry because folks over at Bitdefender came up with a decryption tool to help everyone recover their data. 

The Bart ransomware was first spotted back in July 2016, but until now no one had come up with a solution for those whose files got locked up by it. Bitdefender's Bart Ransomware Decryption tool can decrypt files with several extensions: ".bart.zip", ".bart", and ".perl".

Bitdefender says the tool is the result of a collaboration between the company, Europol, and the Romanian police, and that it supports the "No More Ransom" initiative started by Europol's European Cybercrime Centre.
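Before running a decryption tool, it helps to know how many files are affected and where they sit. The following is an added example, not code from Bitdefender or from the original article: it inventories files carrying the three extensions named above, and it assumes the extension is appended to the original file name.

```python
import os
from collections import Counter

# Extensions the article says the decryption tool handles.
BART_EXTENSIONS = (".bart.zip", ".bart", ".perl")


def classify(name):
    """Return the matching Bart extension for a file name, or None."""
    lowered = name.lower()  # Windows file names are case-insensitive
    for ext in BART_EXTENSIONS:
        # Require a non-empty stem so a file literally named ".bart" is skipped.
        if lowered.endswith(ext) and len(lowered) > len(ext):
            return ext
    return None


def inventory(root):
    """Walk root and return (hits, per_extension, per_directory, errors)."""
    hits, errors = [], []
    per_ext, per_dir = Counter(), Counter()
    # followlinks=False keeps the walk from escaping root through links;
    # onerror records unreadable directories instead of silently skipping them.
    for dirpath, _dirs, files in os.walk(
            root, followlinks=False,
            onerror=lambda e: errors.append(e.filename)):
        for name in files:
            ext = classify(name)
            if ext is None:
                continue
            # Assumption: the extension is appended to the original name.
            original = name[:-len(ext)]
            hits.append((os.path.join(dirpath, name), original))
            per_ext[ext] += 1
            per_dir[dirpath] += 1
    return hits, per_ext, per_dir, errors


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    hits, per_ext, per_dir, errors = inventory(root)
    for ext, count in per_ext.most_common():
        print(f"{count:6d}  *{ext}")
    for directory, count in per_dir.most_common(10):
        print(f"{count:6d}  {directory}")
    for path in errors:
        print(f"unreadable: {path}")
```

A match is a candidate, not a confirmation: an extension alone does not prove a file was encrypted by Bart, so review the list and back up the matched files before attempting decryption.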

How Bart works

Bart ransomware sets itself apart from other families because it can encrypt a victim's files without relying on any internet connection. Decrypting the affected files, however, requires an internet connection to access the attacker's Command and Control server, which is used to transfer bitcoins and receive the decryption key.

The malware doesn't work if the computer's language is detected as Russian, Belarusian, or Ukrainian, which suggests that the code was quite likely written by a Russian-speaking hacker.

The ransomware works by deleting system restore points, generating a seed to create an encryption key using information from the victim's machine, and then enumerating files and encrypting them with the generated key. It then uses a master key to encrypt the key used to encrypt the files, before displaying the ransom note and redirecting the victim to a .onion website.

Researchers believe the Bart malware developers are the same as those behind Dridex and Locky, with spam email as the main distribution method.