Bart - a new Ransomware
PhishMe is reporting the discovery of a new ransomware which its creators have named Bart. Bart shares several commonalities with the Locky ransomware: it is delivered by the same downloader, RockLoader, and its payment site bears a striking resemblance to the Locky page.
Bart also deviates from Locky in several ways. The ransom is much higher: 3 Bitcoins, approximately $2000. Probably the most striking difference is that, unlike most ransomware variants, Bart does not require command and control to facilitate the encryption, and in fact it appears to have no command and control capability at all. Bart does not use the complex public-private key or symmetric encryption methods that have become common in ransomware. Instead, it stores the encrypted files in password-protected zip files, and uses a victim ID and a Tor-based payment website to facilitate decryption.
Unfortunately, no decrypter is yet available.
More information on Bart can be found at the Phishme website.
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
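Because Bart leaves its victims' files inside password-protected zip archives, a responder can scope an incident by looking for directories that suddenly hold many fully encrypted archives. The following is an added example, not code from the diary or from PhishMe's analysis: the function names and the `threshold` value are assumptions, and the check is a generic heuristic on the ZIP encryption flag rather than a Bart signature.

```python
import io
import struct
import zipfile
from pathlib import Path

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry data is encrypted

def encrypted_ratio(source):
    """Return (encrypted_entries, total_entries) for a ZIP path or file object."""
    with zipfile.ZipFile(source) as zf:
        entries = [e for e in zf.infolist() if not e.is_dir()]
    return sum(1 for e in entries if e.flag_bits & ENCRYPTED), len(entries)

def triage(root, threshold=3):
    """Map each directory under root to its fully encrypted ZIPs.

    Only directories with at least `threshold` such archives are returned
    (threshold is a hypothetical tuning value, not taken from the diary).
    """
    hits = {}
    for path in Path(root).rglob("*"):
        try:
            if not path.is_file() or not zipfile.is_zipfile(path):
                continue
            enc, total = encrypted_ratio(path)
        except (zipfile.BadZipFile, OSError):
            continue  # unreadable or damaged archive: skip, keep scanning
        if total and enc == total:
            hits.setdefault(str(path.parent), []).append(path.name)
    return {d: sorted(n) for d, n in hits.items() if len(n) >= threshold}

def make_sample(encrypted):
    """Constructed sample: one-entry stored ZIP, optionally flagged encrypted.

    Only the header flag is set; the payload itself stays plain test data.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("report.txt", b"constructed sample data")
    data = bytearray(buf.getvalue())
    if encrypted:
        central = data.find(b"PK\x01\x02")  # central directory file header
        for offset in (6, central + 8):     # flag field: local, then central
            flags, = struct.unpack_from("<H", data, offset)
            struct.pack_into("<H", data, offset, flags | ENCRYPTED)
    return bytes(data)

if __name__ == "__main__":
    import sys
    for d, names in triage(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{d}: {len(names)} fully encrypted ZIP archives")
```

Legitimate password-protected archives will also match, so treat the output as a list of directories to review, not as confirmation of infection.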
Comments
Anonymous
Jun 26th 2016
8 years ago
The URL to the python decrypter is: http://phishme.com/wp-content/uploads/xor_decode.txt
Anonymous
Jun 26th 2016
8 years ago
Anonymous
Jun 26th 2016
8 years ago
Anonymous
Jun 26th 2016
8 years ago
Unfortunately, there is no decryptor for Bart encrypted files as of yet.
Anonymous
Jun 26th 2016
8 years ago
Anonymous
Jun 26th 2016
8 years ago
I have updated the diary to be accurate.
Anonymous
Jun 26th 2016
8 years ago
Nuke the infested systems, then restore them from your backup.
Afterwards secure them properly:
1. no administrative rights for users (no, UAC is a bad joke);
2. no execute permission for users in directories where they can (over)write files (see http://home.arcor.de/skanthak/SAFER.html or http://www.mechbgon.com/srp/index.html);
3. remove all unsupported and outdated software, and patch the remaining software to their current and maintained version.
Anonymous
Jun 28th 2016
8 years ago
https://www.evolving-science.com/information-communication/ransomware-attacks-how-our-technologies-could-be-affected-what-we-can-do-00621
Found something interesting.
Anonymous
Jun 6th 2018
6 years ago