AVG malware analyst Jakub Kroustek has devised a decryptor for Bart ransomware, and the company has made it available for download (for free).
This particular piece of malware was first spotted in late June, being delivered via spam emails sent out by the Necurs botnet – the botnet that’s responsible for the onslaught of Locky ransomware and the Dridex Trojan.
Bart is not your typical crypto ransomware as it doesn’t encrypt victims’ files. Instead, it puts them into individual archives, protects them with a “password,” and deletes the originals. Then, it asks the victims to pay up in order to receive a decryptor that will restore those files.
It’s easy to discover whether you’ve been hit with Bart: the ransomware got its name due to the .bart extension it adds to the archived files. For example, if an original file was named file.txt, the encrypted file will be named file.txt.bart.zip.
To uncover the key, the Bart decryptor needs to compare an original file and its encrypted version.
So, you’ll need an original file – maybe from a backup disk, stored in an email or in the cloud.
Once you’ve downloaded and launched AVG’s decryptor, you feed it the two versions of the file, tell it where it can find the other encrypted files, and the tool does the rest.
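To find a usable file pair for the step above, the following added example (not AVG's code and not part of the original article) inventories `.bart.zip` archives and matches each one against a backup copy using only the ZIP metadata, which is readable without the password. It assumes the archives are standard ZIP files holding one member each and that the backup tree mirrors the affected directory layout; `find_pairs` and its two directory arguments are hypothetical names.

```python
import os
import zipfile
import zlib

SUFFIX = ".bart.zip"   # naming pattern described in the article
ENCRYPTED_FLAG = 0x1   # bit 0 of the ZIP general-purpose flags: member is encrypted

def crc32_of(path):
    """CRC-32 of a file, read in chunks."""
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            crc = zlib.crc32(chunk, crc)
    return crc & 0xFFFFFFFF

def find_pairs(affected_root, backup_root):
    """Return (pairs, unmatched); pairs are (archive, backup_copy) tuples."""
    pairs, unmatched = [], []
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            if not name.lower().endswith(SUFFIX):
                continue
            archive = os.path.join(dirpath, name)
            try:
                with zipfile.ZipFile(archive) as zf:
                    members = zf.infolist()   # metadata only, no password needed
            except (zipfile.BadZipFile, OSError):
                unmatched.append(archive)
                continue
            # Assumption: the backup keeps the same relative path as the original.
            rel = os.path.relpath(archive[:-len(SUFFIX)], affected_root)
            candidate = os.path.join(backup_root, rel)
            ok = (len(members) == 1
                  and members[0].flag_bits & ENCRYPTED_FLAG
                  and os.path.isfile(candidate)
                  and os.path.getsize(candidate) == members[0].file_size
                  # some ZIP encryption modes record CRC 0; then size is the only check
                  and members[0].CRC in (0, crc32_of(candidate)))
            if ok:
                pairs.append((archive, candidate))
            else:
                unmatched.append(archive)
    return pairs, unmatched
```

A size and CRC match shows the backup copy is the same version of the file that was archived, which is what the comparison needs; archives left in `unmatched` have no verified original in the backup.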