Bart Ransomware
Posted: June 27, 2016
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 61 |
| First Seen: | June 27, 2016 |
| OS(es) Affected: | Windows |
The Bart Ransomware is a data encryption Trojan whose purpose is to encode your work-related data, and then drop a ransom message on your computer. Symptoms of this infection may include the presence of its ransom notes, changes to your desktop's background, and the replacement of your files with password-protected ZIP archives. The Bart Ransomware is distributed through general-purpose Trojan downloaders capable of installing other threats, which is one reason why malware experts recommend the use of general anti-malware solutions for removing the Bart Ransomware.
The Young, Rebel Trojan with a Cause
What lies inside a Trojan may be strikingly dissimilar to its external appearance and symptoms, as the Bart Ransomware campaign shows. Although this Trojan shares many characteristics with a major variant of the '.locky File Extension' Ransomware, its code is almost entirely different, and its encryption technique is similarly divergent. However, its ransom payment and delivery strategies are sufficiently similar to the '.locky File Extension' Ransomware that current estimates are that the same group of con artists is responsible for both campaigns.
The Bart Ransomware delivers itself to vulnerable systems through a Trojan downloader, RockLoader, which disguises itself as a safe e-mail attachment. Opening the archive (named to look like a bundle of image files) launches RockLoader's JavaScript-based attack, which installs the Bart Ransomware. Malware experts saw variants of the Bart Ransomware's deployment parameters for multiple languages, although, so far, only American PC systems have been subject to significant attacks. Systems in Russia and neighboring regions also appear to be explicitly excluded.
The Bart Ransomware's encryption payload targets data types such as AVI, DOC, PPT, TXT and XLS. Instead of encoding the files and then adding an arbitrary extension to each one, the Bart Ransomware compresses each one into a separate ZIP archive with password protection. This relatively comprehensible form of data blockade concludes with a ransom note and background swap, both of which ask for a 3 Bitcoin payment (roughly two thousand USD) for recovering the compressed data.
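The symptom described above (each targeted file replaced by its own password-protected ZIP) can be checked for without knowing any password, because the ZIP central directory exposes the encryption flag and the member name. The following is an added triage example, not code from the original page; the sample file names, the alert threshold of three, and the helper names are assumptions made for illustration.

```python
import io
import struct
import zipfile
from pathlib import PurePosixPath

# Data types the page lists as targets of the encryption payload.
TARGETED = {".avi", ".doc", ".ppt", ".txt", ".xls"}
ENCRYPTED_FLAG = 0x1  # ZIP general-purpose bit 0: member is password-protected

def classify_archive(data: bytes) -> str:
    """Return 'suspicious', 'benign' or 'not-zip' for one archive's bytes."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()  # reads the central directory only
    except zipfile.BadZipFile:
        return "not-zip"
    if len(members) != 1:
        return "benign"  # the page describes one archive per original file
    m = members[0]
    encrypted = bool(m.flag_bits & ENCRYPTED_FLAG)
    targeted = PurePosixPath(m.filename).suffix.lower() in TARGETED
    return "suspicious" if encrypted and targeted else "benign"

def triage(archives: dict[str, bytes], threshold: int = 3) -> tuple[list[str], bool]:
    """List suspicious archives; alert when the count reaches the (assumed) threshold."""
    hits = sorted(n for n, d in archives.items() if classify_archive(d) == "suspicious")
    return hits, len(hits) >= threshold

def sample_zip(member: str, encrypted: bool) -> bytes:
    """Constructed input: a one-member ZIP, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "constructed sample data")
    raw = bytearray(buf.getvalue())
    if encrypted:  # set bit 0 in the central-directory header (flags at offset 8)
        pos = raw.rfind(b"PK\x01\x02") + 8
        flags, = struct.unpack_from("<H", raw, pos)
        struct.pack_into("<H", raw, pos, flags | ENCRYPTED_FLAG)
    return bytes(raw)

# Constructed file names and contents, not taken from a real infection.
SAMPLES = {
    "report.doc.zip": sample_zip("report.doc", True),
    "budget.xls.zip": sample_zip("budget.xls", True),
    "notes.txt.zip": sample_zip("notes.txt", True),
    "photos.zip": sample_zip("readme.txt", False),
    "todo.txt": b"plain text, not an archive",
}
```

Calling `triage(SAMPLES)` flags the three single-member encrypted archives and raises the alert; on a real host the dictionary would be filled from the files in a user's document folders.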
Sending the Latest File Encryptor to Sit in the Corner
The '.locky File Extension' Ransomware and the Bart Ransomware share a great deal of their ransom payment-processing components with each other. However, the Bart Ransomware has crucial differences from the older Trojan, including being able to act without passing information to an external C&C server. Additionally, the Bart Ransomware may not be the only threat deposited on a compromised system; RockLoader is also known for distributing other threats, and its authors are also responsible for the Dridex banking spyware.
Paying a con artist to restore your data may not always have the intended consequences. Although the Bart Ransomware's authors are unlikely to commit amateur coding mistakes that would make decryption impossible from their end, they also have no motivation for providing services after receiving payment. As always, making regular backups that do not reside on a local drive is the simplest strategy for overwriting data impacted by hostile file encoding.
Malware experts can only date the Bart Ransomware's campaign as far back as late June. The potential development of free software solutions to the Bart Ransomware is ongoing, but until then, protecting your PC from the Bart Ransomware's attacks offers the best defense for your data. In cases of suspected attacks, such as contact with a compromised e-mail attachment, scan the system immediately with all applicable anti-malware tools to remove the Bart Ransomware, even though doing so will not necessarily restore any content.