|Short Description||Encrypts the user’s files with a strong encryption algorithm and requests to contact e-mail address to make a ransom payoff of approximately 2000 dolalrs in BitCoin.|
|Symptoms||Files are encrypted and become inaccessible and a .bart.zip file extension is being added to them. A ransom note is left as a text file as well as a wallpaper.|
|Distribution Method||Spam Emails, Email Attachments, File Sharing Networks.|
See If Your System Has Been Affected by Bart
Malware Removal Tool
|User Experience||Join our forum to Discuss Bart Ransomware.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
Bart Ransomware – How Is It Spread
In the archives, the user may find a .js file which may have a random name, for example, JPG_9834124.js.
Bart Ransomware In Depth
After it has been dropped, Bart ransomware may be situated on one of these key Windows folders:
The files dropped by Bart may activate its encryption module which looks for approximately 140 file types to encrypt:
After encrypting these types of files, Bart Ransomware drops the following files onto the user’s computer:
The recover.txt file contains the same message as the .bmp file which is set as a desktop wallpaper. It contains the ransom note which is the following:
When connected to the ransomware’s payoff web page, the following picture is displayed:
As visible it gives users instructions to pay the ransom money by converting them ultimately to BitCoin. The sum requested by this virus is approximately 3 BTC, which is at the time of writing this ~2000 US dollars. Also, the instructions point out to downloading a decryptor with almost the same instructions as Locky‘s Decryptor.
This strongly suggests that this ransomware virus may be a variant of the notorious Locky Ransomware, which has made a massive impact on users. This strongly suggests that Locky ransomware may have been released for sale in the black markets of the deep web. It also means that Bart ransomware may have used an AES-128 to encrypt the files of the victims after which it adds the .bart.zip file extension, for example:
Bart Ransomware – Conclusion, Removal, and File Restoration
Just like with Locky ransomware, this virus uses the same overlay for the HTML web page as well as the same ransom note. This strongly suggests that it has either been created by the same cyber criminals, or used by “clients” who may have purchased it as a RaaS (Ransomware-as-a-Service).
If you have been infected with Bart ransomware, you should know that paying the cyber-criminals is a risky process, because of several obvious reasons:
- You lay your trust to people who hacked your computer.
- There is no guarantee of getting the money back.
- You support them in making money and most likely investing it in making more malware.
This is why Bart Ransomware should immediately be removed from your computer. To do this effectively, we strongly advise for following the instructions after this article and making sure all files related to Bart are permanently remove. The most effective way for that is to use an anti-malware program which is what experts would do since multiple infections may drop more than one files in different folders and modify various registry keys.
To try and restore your files, unfortunately like Locky, direct decryption will not work for you. This is why we strongly recommend to you to try our alternatives for restoring files encoded by Bart Ransomware. Before attempting them you should know that there is no guarantee that you will get all of your files back, it is just a last resort method which may or may not work for you. Since some of the users on our forums have reported restoring several files this way, we advise trying the methods in step “3. Restore files encrypted by Bart” below.
Manually delete Bart from your computer
Note! Substantial notification about the Bart threat: Manual removal of Bart requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.