Ransomware – BART uses new design without command and control capability
Uncategorized June 27th, 2016Ransomware continues to be a highly destructive threat to information resources. Design innovation continues as documented by the SANS Internet Storm Center and Phishme security sites
Phishme is reporting the discovery of a new ransomware which its creators have named Bart. Bart shares several commonalities with the Locky ransomware. Bart is delivered by the same downloader, RockLoader. The payment site bares a striking resemblance to the Locky page.But Bart also deviates from Locky in other ways. The ransom is much higher, 3 Bitcoins, approximately $2000. But probably the most striking difference is that unlike most ransomware variants Bart does not require a command and control to facilitate the encryption and in fact looks like it has no command and control capability. Bart does not utilize the complex public-private key or symmetric encryption methods that have become common in ransomware. Instead it stores the encrypted files in password protected zip files, and utilizes a victim id and a tor-based payment website to facilitate decryption.