Bart - a new Ransomware

Published: 2016-06-26
Last Updated: 2016-06-26 17:27:07 UTC
by Rick Wanner (Version: 3)

Phishme is reporting the discovery of a new ransomware which its creators have named Bart. Bart shares several commonalities with the Locky ransomware. Bart is delivered by the same downloader, RockLoader. The payment site bares a striking resemblance to the Locky page.

But Bart also deviates from Locky in other ways. The ransom is much higher, 3 Bitcoins, approximately $2000. But probably the most striking difference is that unlike most ransomware variants Bart does not require a command and control to facilitate the encryption and in fact looks like it has no command and control capability. Bart does not utilize the complex public-private key or symmetric encryption methods that have become common in ransomware. Instead it stores the encrypted files in password protected zip files, and utilizes a victim id and a tor-based payment website to facilitate decryption.

Unfortunately, no decrpyter is yet available.

More information on Bart can be found at the Phishme website.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords: ransomware

9 comment(s)

Comments

cwqwqwq

eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>

WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]

dwqqqwqwq mashood

[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)

[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]

What's this all about ..?

password reveal .

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission

https://thehomestore.com.pk/

Internet Storm Center

Bart - a new Ransomware

Comments

www

Nov 17th 2022
4 months ago

EEW

Nov 17th 2022
4 months ago

qwq

Nov 17th 2022
4 months ago

mashood

Nov 17th 2022
4 months ago

isc.sans.edu

Nov 23rd 2022
4 months ago

isc.sans.edu

Nov 23rd 2022
4 months ago

isc.sans.edu

Dec 3rd 2022
3 months ago

isc.sans.edu

Dec 3rd 2022
3 months ago

isc.sans.edu

Dec 26th 2022
2 months ago

isc.sans.edu

Dec 26th 2022
2 months ago

Bart - a new Ransomware

Comments

www

Nov 17th 20224 months ago

EEW

Nov 17th 20224 months ago

qwq

Nov 17th 20224 months ago

mashood

Nov 17th 20224 months ago

isc.sans.edu

Nov 23rd 20224 months ago

isc.sans.edu

Nov 23rd 20224 months ago

isc.sans.edu

Dec 3rd 20223 months ago

isc.sans.edu

Dec 3rd 20223 months ago

isc.sans.edu

Dec 26th 20222 months ago

isc.sans.edu

Dec 26th 20222 months ago

Nov 17th 2022
4 months ago

Nov 17th 2022
4 months ago

Nov 17th 2022
4 months ago

Nov 17th 2022
4 months ago

Nov 23rd 2022
4 months ago

Nov 23rd 2022
4 months ago

Dec 3rd 2022
3 months ago

Dec 3rd 2022
3 months ago

Dec 26th 2022
2 months ago

Dec 26th 2022
2 months ago