Cyber crooks have brought Bart ransomware virus back in the game – this time it’s called Bart v2.0 (also Bart2) and appends encrypted files with the .bart2 extension.
Bart v2.0 is considered an improved version from its predecessor Bart, for which developers have managed to release a decryptor.
Read further to find our how Bart v2.0 spreads and how you can remove it should your system has been infected by it.
|Short Description||Encrypts the user’s files with a strong encryption algorithm and requests to contact e-mail address to make a ransom payoff of approximately 2000 dolalrs in BitCoin.|
|Symptoms||Files are encrypted and become inaccessible and a .bart.zip file extension is being added to them. A ransom note is left as a text file as well as a wallpaper.|
|Distribution Method||Spam Emails, Email Attachments, File Sharing Networks.|
|Detection Tool|| See If Your System Has Been Affected by Bart2 |
Malware Removal Tool
|User Experience||Join our forum to Discuss Bart Ransomware.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
How Does Bart V2.0 Ransomware Virus Spread?
Bart v2.0 spreads just like its predecessor – via a botnet. The botnet is a network of machines capable of infecting different users across the world at the same time by sending huge quantities of infections all at once. Keep in mind that if your system, applications, protection, etc. are outdated, Bart v2.0 will be able to break into your PC successfully. Thus it’s very important to update your anti-malware program on a regular basis.
Spam emails are also a way to spread ransomware viruses. Users who bluntly trust anything they receive in the inbox, are the ones who fall victims of ransomware infections the most. Spam emails are usually disguised as legitimate ones, but they contain compromised URLs and file attachments. Once opened, the virus begins its installation.
How Does Bart V2.0 Work?
Bart ransomware is believed to be created by the same authors of Locky and Cerber3 viruses. And, although a decryption tool for Bart was released at the end of June this year, it still managed to cause a whole lot of trouble.
Apparently, cyber crooks have learnt their lesson after developers released a decryption tool for the first Bart. They have now released Bart v2.0 with several improvements. Its encryption is surely the most important improvement as it now requires more efforts to decrypt the affected files.
Also, the encrypted files receive the extention .bart2. Bart v2.0 is likely to look for the following files to encrypt:
.123, .3dm, .3ds, .3g2, .3gp, .602, .aes, .arc, .asc, .asf, .asm, .asp, .avi, .bak, .bat, .bmp, .brd, .cgm, .cmd, .cpp, .crt, .csr, .csv, .dbf, .dch, .dif, .dip,
.djv, .djvu, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .fla, .flv, .frm, .gif, .gpg, .hwp, .ibd, .jar, .java, .jpeg, .jpg, .key, .lay, .lay6, .ldf, .m3u, .m4u, .max, .mdb, .mdf, .mid, .mkv, .mov, .mp3, .mp4, .mpeg, .mpg, .ms11, .myf, .myi, .nef, .odb, .odg, .odp, .ods, .odt, .otg, .otp, .ots, .ott, .p12, .paq, .pas, .pdf, .pem, .php, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .psd, .rar, .raw, .rtf, .sch, .sldm, .sldx, .slk, .stc, .std, .sti, .stw, .svg, .swf, .sxc, .sxd, .sxi, .sxm, .sxw, .tar, .tbk, .tgz, .tif, .tiff, .txt, .uop, .uot, .vbs, .vdi, .vmdk, .vmx, .vob, .wav, .wb2, .wk1, .wks, .wma, .wmv, .xlc, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .zip
Unlike the first Bart which compiled the locked files into .zip folders requiring a password for decryption, Bart 2 ransomware now uses the AES and RSA encryption methods.
While the first version of Bart used the same password for all locked data folders, the new Bart v2.0 is reported to use different passwords for the different folders.
After the encryption of the files has finished, Bart v2.0 will drop a file with instructions which read like this:
“Your files have been encrypted by Bart2!
What happened to your files?
All of your files were protected by a strong encryption with RSA4096
More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
How did this happen?
!!!Specially for your PC was generated
personal key, both public and private.
!!! ALL YOUR FILES were encrypted with the
public key, which has been transferred to
your computer via the Internet.
!!! Decrypting of your files is only possible
with the help of the private key and decrypt
program, which is on our Secret Server.
Remove Bart 2 and Restore Encrypted Data
We strongly urge you to not pay the demanded amount and remove the virus from your systems first. Only then you could try to restore some of the encrypted data.
Follow the instructions below:
Manually delete Bart2 from your computer
Note! Substantial notification about the Bart2 threat: Manual removal of Bart2 requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.