Ransomware has taken the computer security world by storm, and nothing suggests that ransomware authors will let up anytime soon. One recent threat that stands out from the rest is Bart Ransomware, which is spread through a botnet and moves your files into a password-protected ZIP file, then deletes the originals.
Bart Ransomware was recognized as a threat that took a different direction from other recent encryption-type ransomware. Bart Ransomware asked its victims for a substantial ransom fee of 3 Bitcoin, which is about $1,800 USD. With what appears to be a crack of the malware, Bart Ransomware now has a free file decrypter that will essentially restore all files that were copied into a ZIP archive and then deleted from their original location. The decrypter, which is a password used to unlock the ZIP archive that Bart has created from the previously deleted files, was created by Jakub Kroustek, a security researcher at the security firm AVG.
Bart Ransomware is one of a few handfuls of threats that take a different approach to extorting money from victimized computer users with aggressive ransom tactics. Named after Bart Simpson, the jokester character from The Simpsons, Bart Ransomware appears to be among the latest to be cracked and defeated by computer security experts.
The process for decrypting or restoring files locked up in a ZIP file by Bart Ransomware may require some know-how in navigating a Windows computer's hard drive folders and in obtaining the proper tool, which was recently provided by AVG. The extensive tutorial, which may be best suited to expert computer users, has been made available through AVG's site.
What we have learned from the many threats that lock up computers, whether through file encryption or another method of holding an infected computer for ransom, is that we should never underestimate what sophisticated malware can do.
In our first encounter with Bart Ransomware, we discovered that it was among the first threats to place an infected system's files in a password-protected file instead of performing the common file encryption actions. At the time, Bart Ransomware was closely compared to Locky Ransomware, which is one of the most aggressive and widespread types of malware this year.
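To scope which files on a disk have been moved into password-protected archives, a responder can inventory ZIP files in which every entry carries the "encrypted" flag. The following Python sketch is an added example, not code from AVG or from this article; the function names and the sample archive built by `make_sample_zip` are constructed for illustration.

```python
import io
import os
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags: entry is encrypted


def is_fully_encrypted_zip(path):
    """Return True if path is a ZIP archive in which every file entry is encrypted."""
    try:
        with zipfile.ZipFile(path) as zf:
            entries = [i for i in zf.infolist() if not i.is_dir()]
    except (zipfile.BadZipFile, OSError):
        return False  # not a ZIP, truncated, or unreadable
    return bool(entries) and all(i.flag_bits & ENCRYPTED_FLAG for i in entries)


def find_locked_archives(root):
    """Walk root and return sorted paths of archives whose contents all need a password."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_fully_encrypted_zip(full):
                hits.append(full)
    return sorted(hits)


def make_sample_zip(encrypted):
    """Build a constructed one-entry ZIP in memory; optionally set the encrypted flag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.docx", b"constructed sample data")
    data = bytearray(buf.getvalue())
    if encrypted:
        cd = data.find(b"PK\x01\x02")   # central directory header signature
        data[cd + 8] |= ENCRYPTED_FLAG  # flags field sits at offset 8 of that header
    return bytes(data)


if __name__ == "__main__":
    import sys
    for hit in find_locked_archives(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

The check reads only archive metadata, so it never needs the password and does not modify the archives it lists.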
There are other working components of Bart Ransomware that make it successful at moving files to a ZIP archive and then deleting the originals. Among them, Bart Ransomware is initiated through a JS file included within the originating ZIP file; the JS file downloads RockLoader, a malicious program that in turn downloads Bart Ransomware.
Even though we don't condone the use of third-party solutions for resolving ransomware issues, AVG seems to have a viable option for restoring files that are removed by Bart Ransomware. Anything is better than paying a $1,800 ransom fee, even if you have to dish out as much as $100 to get your files back and your computer back in normal working order.