Doh! New “Bart” Ransomware from Threat Actors Spreading Dridex and Locky

Proofpoint researchers discovered a new strain of ransomware called “Bart” – no kidding.

The Russian cyber mafia behind Dridex 220 and Locky is using the RockLoader malware to download Bart over HTTPS. Bart has a payment screen like Locky but encrypts files without first connecting to a command and control (C&C) server. It spreads with .zip attachments containing JavaScript code and uses social engineering to trick users into opening the attachments. Here is how they look:

[image: bart-1]

and the desktop background is replaced with the recover.bmp file:

[image: bart-3]

Proofpoint’s Conclusion:

While we are still investigating the technical details of this new ransomware, the connections between Bart and Dridex/Locky are significant. Because Bart does not require communication with C&C infrastructure prior to encrypting files, however, Bart may be able to encrypt PCs behind corporate firewalls that would otherwise block such traffic. Thus, organizations need to ensure that Bart is blocked at the email gateway using rules that block zipped executables. We will continue to monitor and analyze Bart as additional campaigns and details emerge.

Since phishing has risen to the #1 malware infection vector, and attacks are getting through your filters too often, giving your users effective security awareness training that includes frequent simulated phishing attacks is a must.
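The gateway rule recommended in Proofpoint's conclusion (block zipped executables, since Bart needs no C&C traffic that a firewall could stop) is easy to state and easy to get subtly wrong. The following Python is an added example written for this post, not Proofpoint's, KnowBe4's or any product's code: it opens a .zip attachment in memory and blocks it when any member, at any nesting level, is a script or executable type, when a member is password-protected (uninspectable), or when the blob is not a valid archive at all. The extension list, nesting and size limits, sample archives and member names are all assumptions constructed here.

```python
"""Mail-gateway attachment check for the zipped-JavaScript delivery pattern.

Added example, not vendor code. Fails closed: anything it cannot inspect is
blocked. Extension list, limits and sample data are assumptions.
"""
import io
import zipfile
from dataclasses import dataclass, field

# First-stage dropper types seen in .zip email campaigns (JavaScript, as in
# this post, plus other directly executable formats). Assumed list.
BLOCKED_EXTENSIONS = {
    ".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe", ".hta",
    ".exe", ".scr", ".pif", ".com", ".cmd", ".bat", ".ps1", ".lnk",
}
MAX_NESTING = 3                      # zip-in-zip is common; stop before a zip bomb
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # refuse to expand oversized inner archives


@dataclass
class Verdict:
    blocked: bool = False
    reasons: list = field(default_factory=list)


def _extension(member_name: str) -> str:
    """Final suffix only, so 'invoice.pdf.js' is judged as '.js'."""
    base = member_name.rsplit("/", 1)[-1].lower()
    return base[base.rfind("."):] if "." in base else ""


def inspect_zip(data: bytes, depth: int = 0, prefix: str = "") -> Verdict:
    """Return a Verdict for a zip blob; reasons name the offending members."""
    verdict = Verdict()
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # A zip we cannot parse cannot be checked, so block it.
        verdict.blocked = True
        verdict.reasons.append(f"{prefix or '<root>'}: not a valid zip")
        return verdict

    for info in archive.infolist():
        if info.is_dir():
            continue
        path = f"{prefix}{info.filename}"
        ext = _extension(info.filename)
        if info.flag_bits & 0x1:
            # Password-protected member: contents are uninspectable.
            verdict.blocked = True
            verdict.reasons.append(f"{path}: encrypted member")
        elif ext in BLOCKED_EXTENSIONS:
            verdict.blocked = True
            verdict.reasons.append(f"{path}: blocked type {ext}")
        elif ext == ".zip":
            if depth + 1 > MAX_NESTING or info.file_size > MAX_MEMBER_BYTES:
                verdict.blocked = True
                verdict.reasons.append(f"{path}: nested zip too deep or too large")
            else:
                inner = inspect_zip(archive.read(info), depth + 1, path + "!/")
                if inner.blocked:
                    verdict.blocked = True
                    verdict.reasons.extend(inner.reasons)
    return verdict


def build_zip(members: dict) -> bytes:
    """Construct a sample archive in memory (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments; the "payloads" are inert placeholder text.
SAMPLE_ATTACHMENTS = {
    "invoice.zip": build_zip({"invoice_2016.js": "// placeholder, not a payload"}),
    "report.zip": build_zip({"q2/report.pdf": "%PDF-1.4 placeholder"}),
    "nested.zip": build_zip({"inner.zip": build_zip({"setup.exe": "placeholder"})}),
    "junk.zip": b"this is not a zip",
}


def triage(attachments: dict) -> dict:
    """Map attachment name -> Verdict, as a gateway rule would per message."""
    return {name: inspect_zip(blob) for name, blob in attachments.items()}


if __name__ == "__main__":
    for name, v in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{name}: {'BLOCK' if v.blocked else 'allow'} {v.reasons}")
```

Two choices matter here. Judging by the final suffix means a double-extension lure such as `invoice.pdf.js` is still caught, and recursing into nested archives (with a depth and size cap) closes the obvious "zip inside a zip" workaround, while encrypted members are blocked rather than waved through simply because they could not be read.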


5 comments

  1. I’ve been browsing on-line more than 3 hours nowadays,
    but I by no means found any fascinating article like yours.

    It is beautiful value sufficient for me. In my opinion, if all
    web owners and bloggers made excellent content as you probably did, the net will probably be a lot more helpful than ever
    before. http://www.yahoo.net

  2. I’m still learning from you, while I’m trying
    to reach my goals. I definitely liked reading all that is posted on your site. Keep the stories coming.
    I loved it!

  3. Thank you for the auspicious writeup. It in fact was an amusement account it.

    Look advanced to far added agreeable from you!

    However, how could we communicate?

  4. I really like your blog.. very nice colors & theme.
    Did you create this website yourself or did you hire someone to do it for you?

    Plz answer back as I’m looking to design my own blog and
    would like to know where u got this from. thanks a lot

  5. I discovered your blog web site on google and examine just a few of your early posts. Continue to maintain up the superb operate. I simply extra up your RSS feed to my MSN News Reader. Looking forward to reading more from you later on!…
