Friday, July 22, 2016

A decrypter is now available for the Bart ransomware.

Bart differs from other strains of ransomware in two ways: it is distributed through one of the largest malware-spreading botnets in the world, and it does not use encryption to lock data. Instead, it merely places all the files inside a password-protected ZIP archive and deletes the originals.

Jakub Kroustek, a security researcher for AVG, found that Bart does not use a different password for each file, but the same one for all of them. The researcher put together a free decrypter, which victims can use to recover their locked files.

To use the decrypter, a user should follow these steps:
• Download the decrypter from AVG’s website. Once the download finishes, double-click the file to launch it.
• Select the hard drive locations where Bart locked the files in password-protected ZIP files.
• Identify two versions of the same file to compare. One must be the copy locked by Bart, while the other must be the original of the same file. This should be pretty easy, since Bart does not rename files but only appends a file extension to the end of the name. To find an original file, use one from your Dropbox account, a file you received via email, or one you stored on another computer or on a portable flash drive.
• Give the decrypter time to compare the two files and identify the ZIP file’s password. After this, the decryption process is a point-and-click experience.
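
The pairing step above can be checked before the decrypter is started. The following Python sketch is an added example, not part of AVG's tool: it matches locked archives to backup copies by file name, then confirms each match by comparing the backup's size and CRC-32 with the values in the ZIP headers. It assumes the archives are standard ZIP files, whose headers stay readable without the password, and it uses a constructed placeholder extension (`.locked.zip`) because the article does not name the one Bart appends.

```python
import tempfile, zipfile, zlib
from pathlib import Path

EXT = ".locked.zip"  # constructed placeholder: substitute the extension you see

def crc32_of(path, chunk=1 << 20):
    """Stream a file and return its CRC-32."""
    crc = 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            crc = zlib.crc32(block, crc)
    return crc

def find_pairs(locked_dir, originals_dir, locked_ext=EXT):
    """Return (locked_zip, original) pairs whose size and CRC-32 agree."""
    originals = {}  # file name -> candidate originals with that name
    for p in Path(originals_dir).rglob("*"):
        if p.is_file():
            originals.setdefault(p.name, []).append(p)
    pairs = []
    for locked in sorted(Path(locked_dir).rglob("*" + locked_ext)):
        name = locked.name[: -len(locked_ext)]  # name before the appended extension
        try:
            with zipfile.ZipFile(locked) as zf:
                entries = zf.infolist()  # header metadata only, no password needed
        except zipfile.BadZipFile:
            continue  # not a ZIP archive after all, skip it
        for cand in originals.get(name, []):
            size = cand.stat().st_size
            if size == 0:
                continue  # an empty file gives a comparison nothing to work with
            if any(e.file_size == size and e.CRC == crc32_of(cand) for e in entries):
                pairs.append((locked, cand))
    return pairs

def demo():
    """Constructed sample: one intact backup and one stale backup of equal size."""
    with tempfile.TemporaryDirectory() as tmp:
        locked, backup = Path(tmp, "locked"), Path(tmp, "backup")
        locked.mkdir()
        backup.mkdir()
        for name, zipped, kept in [("report.txt", b"Q2 figures", b"Q2 figures"),
                                   ("notes.txt", b"version 2", b"version 1")]:
            # Sample archives are unencrypted; the header fields read are the same.
            with zipfile.ZipFile(locked / (name + EXT), "w") as zf:
                zf.writestr(name, zipped)
            (backup / name).write_bytes(kept)
        return [(l.name, o.name) for l, o in find_pairs(locked, backup, EXT)]

if __name__ == "__main__":
    print(demo())
```

A backup that was edited after the infection has the right name but a different CRC-32, so it is dropped from the result rather than handed to the decrypter as the "original".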

AVG also has a quick course available on its website.