Brand-New Ransomware Bart Follows Footsteps of Dridex and Locky

Although Dridex (W32.Cridex) and Locky (Trojan.Cryptolocker.AF) have been unusually quiet, a new type of ransomware may be taking their place on the online threat landscape. Bart, a new ransomware variant introduced by the same cybercriminal group behind Dridex and Locky, was spotted late last week.

Proofpoint researchers recently observed a large malware campaign distributing .zip attachments — mostly labeled as photos, images, or pictures — that contained JavaScript code (JS.Nemucod). Once opened, the attachments download and install RockLoader (Downloader.Zirchap) malware, which in turn downloads the Bart ransomware.
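
The delivery pattern described above, a .zip attachment with a photo-style name that carries a JavaScript file, can be screened for before the attachment reaches a user. The following is an added example, not code from Proofpoint or Norton; the function names, the script extensions beyond .js, and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumption: extensions Windows Script Host or mshta runs on double-click.
# The page names only JavaScript (.js); the others are an added generalization.
SCRIPT_EXTS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe", ".hta"}
# Lure words from the page: attachments "labeled as photos, images, or pictures".
LURE_WORDS = ("photo", "image", "picture")

def inspect_zip_attachment(filename, data):
    """Return a verdict dict for one e-mail attachment (name, raw bytes)."""
    verdict = {"block": False, "scripts": [], "lure_name": False, "reason": "ok"}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        verdict["reason"] = "not a zip archive"
        return verdict
    verdict["lure_name"] = any(w in filename.lower() for w in LURE_WORDS)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots/spaces, so "x.js." still opens as .js;
            # taking the last extension also catches "IMG_0042.jpg.js".
            name = info.filename.lower().rstrip(". ")
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if ext in SCRIPT_EXTS:
                verdict["scripts"].append(info.filename)
    if verdict["scripts"]:
        verdict["block"] = True
        verdict["reason"] = "script file inside zip"
    return verdict

def make_zip(members):
    """Build an in-memory zip from {member_name: text} (constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample attachments; the contents are inert placeholders.
SAMPLES = {
    "photos_2016.zip": make_zip({"IMG_0042.jpg.js": "// placeholder"}),
    "holiday_pictures.zip": make_zip({"beach.jpg": "placeholder bytes"}),
    "report.zip": make_zip({"notes.JS.": "// placeholder"}),
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(fname, inspect_zip_attachment(fname, blob))
```

The `lure_name` flag is informational only: the block decision rests on the archive contents, so a script in a neutrally named zip is still caught and a genuine photo archive is not.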

Bart then encrypts files with certain extensions on compromised computers. It displays its ransom note through a text file and the desktop wallpaper. The ransomware demands payment from the victim, promising that the encrypted files will then be decrypted.

How to Stay Protected

Norton security products protect your computer against Bart. If you have Norton Security on your computer, it will detect the Bart ransomware. Remember, backing up your files is a preemptive strike against cybercriminals who try to hold your information for ransom. Under no circumstances should you pay the ransom, as it’s not guaranteed that you will get your data back.