Remove Bart 2 Ransomware Virus and Restore .bart2 Encrypted Files - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove Bart 2 Ransomware Virus and Restore .bart2 Encrypted Files


Cyber crooks have brought the Bart ransomware virus back into the game. This time it is called Bart v2.0 (also Bart2), and it appends the .bart2 extension to the files it encrypts.
Bart v2.0 is considered an improved version of its predecessor Bart, for which developers managed to release a decryptor.

Read further to find out how Bart v2.0 spreads and how you can remove it should your system have been infected by it.

Threat Summary

Name: Bart2
Type: Ransomware
Short Description: Encrypts the user’s files with a strong encryption algorithm and asks the victim to contact an e-mail address to make a ransom payment of approximately 2000 dollars in BitCoin.
Symptoms: Files are encrypted and become inaccessible, and a .bart.zip file extension is added to them. A ransom note is left as a text file as well as a wallpaper.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.

How Does Bart V2.0 Ransomware Virus Spread?

Bart v2.0 spreads just like its predecessor: via a botnet. The botnet is a network of machines capable of infecting different users across the world at the same time by sending out huge quantities of malicious messages all at once. Keep in mind that if your system, applications, protection, etc. are outdated, Bart v2.0 will be able to break into your PC successfully. Thus it’s very important to update your anti-malware program on a regular basis.

Spam emails are also a way to spread ransomware viruses. Users who blindly trust anything they receive in their inbox are the ones who fall victim to ransomware infections the most. Spam emails are usually disguised as legitimate ones, but they contain compromised URLs and file attachments. Once one of these is opened, the virus begins its installation.

How Does Bart V2.0 Work?

Bart ransomware is believed to have been created by the same authors as the Locky and Cerber3 viruses. And, although a decryption tool for Bart was released at the end of June this year, it still managed to cause a whole lot of trouble.

Apparently, cyber crooks learnt their lesson after developers released a decryption tool for the first Bart. They have now released Bart v2.0 with several improvements. Its encryption is surely the most important improvement, as it now takes more effort to decrypt the affected files.

Also, the encrypted files receive the extension .bart2. Bart v2.0 is likely to look for the following files to encrypt:

.123, .3dm, .3ds, .3g2, .3gp, .602, .aes, .arc, .asc, .asf, .asm, .asp, .avi, .bak, .bat, .bmp, .brd, .cgm, .cmd, .cpp, .crt, .csr, .csv, .dbf, .dch, .dif, .dip,
.djv, .djvu, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .fla, .flv, .frm, .gif, .gpg, .hwp, .ibd, .jar, .java, .jpeg, .jpg, .key, .lay, .lay6, .ldf, .m3u, .m4u, .max, .mdb, .mdf, .mid, .mkv, .mov, .mp3, .mp4, .mpeg, .mpg, .ms11, .myf, .myi, .nef, .odb, .odg, .odp, .ods, .odt, .otg, .otp, .ots, .ott, .p12, .paq, .pas, .pdf, .pem, .php, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .psd, .rar, .raw, .rtf, .sch, .sldm, .sldx, .slk, .stc, .std, .sti, .stw, .svg, .swf, .sxc, .sxd, .sxi, .sxm, .sxw, .tar, .tbk, .tgz, .tif, .tiff, .txt, .uop, .uot, .vbs, .vdi, .vmdk, .vmx, .vob, .wav, .wb2, .wk1, .wks, .wma, .wmv, .xlc, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .zip

Unlike the first Bart, which compiled the locked files into .zip folders requiring a password for decryption, Bart 2 ransomware now uses the AES and RSA encryption methods.

While the first version of Bart used the same password for all locked data folders, the new Bart v2.0 is reported to use different passwords for the different folders.

After the encryption of the files has finished, Bart v2.0 will drop a file with instructions which read like this:

“Your files have been encrypted by Bart2!

What happened to your files?
All of your files were protected by a strong encryption with RSA4096
More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen?
!!!Specially for your PC was generated
personal key, both public and private.
!!! ALL YOUR FILES were encrypted with the
public key, which has been transferred to
your computer via the Internet.
!!! Decrypting of your files is only possible
with the help of the private key and decrypt
program, which is on our Secret Server.

Remove Bart 2 and Restore Encrypted Data

We strongly urge you not to pay the demanded amount and to remove the virus from your systems first. Only then can you try to restore some of the encrypted data.

Follow the instructions below:


To remove Bart2 follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Bart2 files and objects
2. Find files created by Bart2 on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Bart2
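
Before attempting restoration it helps to know how much was hit. The following is an added example, not part of the original article: a Python triage script that inventories files carrying the .bart2 extension and lists targeted file types that are still intact so they can be backed up first. It assumes the original file name is kept in front of the appended .bart2 suffix; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".bart2"  # extension this page says Bart v2.0 appends
# Abridged from the targeted-extension list on this page; extend as needed.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt",
            ".jpg", ".jpeg", ".png", ".psd", ".zip", ".rar", ".mdb", ".pem"}

def original_name(name):
    """Return the pre-encryption file name, or None if not a .bart2 file."""
    # Assumption: the suffix is appended to the full original name.
    if name.lower().endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
        return name[:-len(ENCRYPTED_SUFFIX)]
    return None

def triage(root):
    """Split files under root into encrypted ones and intact targeted ones."""
    encrypted, at_risk, by_ext = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            orig = original_name(name)
            if orig is not None:
                encrypted.append(rel)
                by_ext[os.path.splitext(orig)[1].lower() or "(none)"] += 1
            elif os.path.splitext(name)[1].lower() in TARGETED:
                at_risk.append(rel)  # not yet encrypted: back up first
    return {"encrypted": sorted(encrypted), "at_risk": sorted(at_risk),
            "by_ext": dict(by_ext)}

def demo():
    """Triage a constructed sample tree (empty placeholder files)."""
    sample = ["docs/report.docx.bart2", "docs/notes.txt",
              "pics/a.jpg.bart2", "pics/b.JPG.BART2", "tool.exe"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()
        return triage(root)

if __name__ == "__main__":
    report = demo()
    print(len(report["encrypted"]), "encrypted;", report["by_ext"])
    print("intact targeted files:", report["at_risk"])
```

Run `triage()` against a mounted copy of the affected drive from a clean system rather than on the infected machine itself.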
Boyana Peeva
