
Cybercriminals distribute new file-scrambling program called Bart


June 28, 2016

The cybercriminals behind such nasty malware as Dridex and Locky have started distributing new file-scrambling software dubbed Bart, and it looks like it's a really bad beast ready to attack.

Overall, Bart has a payment screen that looks just like Locky's, and encrypts documents without first connecting to a remote command-and-control server to receive its orders.

Bart may therefore be able to encipher Windows PC filesystems behind corporate firewalls that would otherwise block such malicious traffic, and that's something that should keep system admins on their toes.

Miscreants are pushing the Bart ransomware onto PCs via RockLoader. This precursor malware is distributed as script code in email attachments, says security firm Proofpoint.

"Proofpoint researchers detected a large campaign with .zip attachments containing JavaScript code," the company explained.

"If opened, these attachments download and install the intermediary loader RockLoader (previously discovered by Proofpoint and used with Locky), which in turn downloads the new ransomware called Bart."

Each message in this campaign has the subject "Photos" with an attachment called photos.zip, which contains malicious JavaScript code that, when opened, fetches the Bart executable via HTTPS and installs it.

And it gets worse, a LOT worse: prior to creating the documents explaining how to pay the ransom and unscramble the encrypted files, the malware determines the user's system language. Bart does not run if it determines that language is Russian, Ukrainian, or Belorussian.

It has translations of these instructions available in Italian, French, German, and Spanish.

The ransom note instructs victims to pay three Bitcoins (just under US $2,000 at current exchange rates).

"This first campaign appears to largely be targeting U.S. interests but, given the global nature of Locky and Dridex targeting and the available translations for the recovery files, it is unlikely that Bart will remain this localized," according to Proofpoint.

Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer