
Free decryption tool for Bart ransomware

In collaboration with Europol and Romanian Police, Bitdefender has developed a tool to decrypt files that have been encrypted by the Bart ransomware.

Ransomware can be a pain, especially for important or official files. One such ransomware, Bart, has been causing a lot of trouble due to its ability to work offline. Fortunately, for users affected by this ransomware, security firm Bitdefender has managed to build a free tool to help them decrypt affected files.

In support of the ‘No More Ransom’ initiative by Europol’s European Cyber Crime Centre, Bitdefender has collaborated with Europol and Romanian police to make this tool freely available at NoMoreRansom.org. Bitdefender also claims that the tool works on encrypted files with the extensions “.bart.zip”, “.bart” and “.perl”. Quite possibly, the keys required to make the decryption process possible have been provided by the law enforcement authorities, who themselves might have obtained them during ongoing investigations.

What is Bart Ransomware?

Bart is a particularly notorious ransomware released in June 2016 by the same guys who were behind Locky. Most ransomware uses RSA public key cryptography, which relies on an internet connection to access command and control servers to generate key pairs. Bart uses the Advanced Encryption Standard to lock files within a ZIP archive. It does not require an internet connection for this, so it can lock files offline as well.

A sample ransomware message
While this is not a screenshot of Bart, most ransomware messages rely on similar threats to scare users into paying the ransom

This is not the first time Bart has been decrypted. The initial implementation did have some chinks in its armour and was cracked by researchers at AVG using brute-force methods. But the Bart developers hit back by upgrading their cryptographic implementation with much stronger methods. It is this upgraded version which has now been successfully decrypted with the new tool.

Essentially, Bart works as follows:

  • Deletes system restore points;
  • Generates a seed to create an encryption key by using information retrieved from the target machine;
  • Uses the generated key to enumerate and encrypt files;
  • Uses a master key to encrypt the key used to encrypt the files (this becomes the victim’s unique ID – UID); and then
  • Shows a ransom note and redirects to a .onion website (the URL contains the victim’s UID).

What can you do?

Even though the encryption used by such ransomware is getting stronger by the day, it is fairly easy to avoid infection if you follow standard security practices – like not opening attachments from unrecognised sources. According to a Bitdefender analysis, the global losses incurred due to ransomware have reached $1 billion, and users are paying anything between $300 and $500 to get their files unlocked. And just in case you are one of the affected ones too, remember that you’ll only be empowering the malicious developers behind ransomware by paying the ransom. In many cases, holding on to the files until a decryption method is found has proven useful.
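
If you are holding on to affected files, it helps to know exactly which ones they are before running a decryptor. The following read-only inventory script is an added example, not part of the Bitdefender tool or the original article: it looks for the three extensions listed above and, for “.bart.zip” files only, checks whether the file really is a ZIP archive with password-protected entries. The function names and the "unchecked" label are assumptions made for this illustration.

```python
import os
import sys
import zipfile

# Extensions the article says the Bitdefender tool handles.
BART_SUFFIXES = (".bart.zip", ".bart", ".perl")


def classify(path):
    """Return the Bart-related suffix that path ends with, or None."""
    name = os.path.basename(path).lower()
    return next((s for s in BART_SUFFIXES if name.endswith(s)), None)


def zip_status(path):
    """Describe a .bart.zip candidate: 'encrypted', 'plain' or 'not-a-zip'."""
    if not zipfile.is_zipfile(path):
        return "not-a-zip"
    try:
        with zipfile.ZipFile(path) as zf:
            # Bit 0 of the general-purpose flag marks a password-protected entry.
            locked = any(i.flag_bits & 0x1 for i in zf.infolist())
    except (zipfile.BadZipFile, OSError):
        return "not-a-zip"
    return "encrypted" if locked else "plain"


def inventory(root):
    """Walk root read-only; return sorted (path, suffix, detail) tuples."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            suffix = classify(path)
            if suffix is None:
                continue
            # Only .bart.zip is described as a ZIP archive; the rest is listed as-is.
            detail = zip_status(path) if suffix == ".bart.zip" else "unchecked"
            hits.append((path, suffix, detail))
    return sorted(hits)


if __name__ == "__main__":
    for path, suffix, detail in inventory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{suffix:10} {detail:10} {path}")
```

A “.perl” match can also be a legitimate Perl script, so review those hits by hand before treating them as encrypted files.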

Source: Bitdefender, PCWorld

Arnab Mukherjee

A former tech-support desk jockey, you can find this individual delving deep into all things tech, fiction and food. Calling his sense of humour merely terrible would be a much better joke than what he usually makes.