Bart2 Ransomware Infection – the New Version of Bart Ransomware

A new troublesome crypto virus has been spotted in the wild. Dubbed Bart2 (Bart v2.0), this ransomware is the next version of Bart ransomware. It infects users, encrypts their files using the strong RSA-4096 cipher, and appends the .bart2 extension to the end of the file name. Victims are asked to pay a ransom in bitcoins to get the private key and decrypt their data.

The predecessor of Bart2, Bart ransomware, has been decrypted by the specialists from AVG, who released a decryptor in July this year. Apparently the creators of this crypto virus have found a new way to harass users. They have certainly improved the encryption method, so it will probably take more effort for the “good guys” to decode the .bart2 encrypted files. However, there is still a chance that a free Bart2 decryptor will be created. As soon as that happens, we will update the information in this article.

Keep reading to learn about the damage Bart2 causes to your computer. At the end of the article you can find manual instructions that will help you remove the ransomware from the system.

Once Bart2 Is on the Computer

The malicious files of Bart2 may be stored in one of the following folders:

  • %AppData%
  • %Roaming%
  • %Temp%
  • %Local%
  • %Desktop%

When the malicious payload is executed, the encryption module of Bart2 starts scanning for approximately 140 file types to encrypt:

.123, .3dm, .3ds, .3g2, .3gp, .602, .aes, .arc, .asc, .asf, .asm, .asp, .avi, .bak, .bat, .bmp, .brd, .cgm, .cmd, .cpp, .crt, .csr, .csv, .dbf, .dch, .dif, .dip,
.djv, .djvu, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .fla, .flv, .frm, .gif, .gpg, .hwp, .ibd, .jar, .java, .jpeg, .jpg, .key, .lay, .lay6, .ldf, .m3u, .m4u, .max, .mdb, .mdf, .mid, .mkv, .mov, .mp3, .mp4, .mpeg, .mpg, .ms11, .myf, .myi, .nef, .odb, .odg, .odp, .ods, .odt, .otg, .otp, .ots, .ott, .p12, .paq, .pas, .pdf, .pem, .php, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .psd, .rar, .raw, .rtf, .sch, .sldm, .sldx, .slk, .stc, .std, .sti, .stw, .svg, .swf, .sxc, .sxd, .sxi, .sxm, .sxw, .tar, .tbk, .tgz, .tif, .tiff, .txt, .uop, .uot, .vbs, .vdi, .vmdk, .vmx, .vob, .wav, .wb2, .wk1, .wks, .wma, .wmv, .xlc, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .zip

This process ends with the .bart2 extension being appended to the corrupted files, leaving them unopenable. Afterward, the ransomware drops a file containing information and instructions. This is the ransom message created by the distributors of the ransomware. It states the following:

“Your files have been encrypted by Bart2!
What happened to your files?
All of your files were protected by a strong encryption with RSA4096
More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen?
!!!Specially for your PC was generated
personal key, both public and private.
!!! ALL YOUR FILES were encrypted with the
public key, which has been transferred to
your computer via the Internet.
!!! Decrypting of your files is only possible
with the help of the private key and decrypt
program, which is on our Secret Server.

Spread methods of Bart2 ransomware

One of the most likely spread methods of this new crypto virus is spam email campaigns. Cyber criminals may try to make the presence of malware in the email unrecognizable by posing as legitimate sources. The email may contain a malicious attachment and compromised links that can cause an infection with Bart2 ransomware. Bart2 may also be spread via a botnet, like its former version, Bart.

Remove Bart2 Ransomware

Ransomware viruses are a very serious problem that disrupts the normal performance of the computer and endangers the stored data. We strongly recommend that victims of Bart2 ransomware avoid paying the ransom and use any existing alternative ways to recover the encrypted data. Before that step, however, Bart2 ransomware should be removed immediately. Our manual malware removal guide will help with the complete elimination of the threat. To stay protected in the future, install a reliable anti-malware program, check for software updates and always install them, and be careful when browsing the Internet.
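
Before restoring data from backups, it helps to know exactly which files were hit. The script below is an added example, not part of the original article or any vendor tool: it inventories files carrying the .bart2 extension described above without modifying them. The function name `inventory_bart2` is hypothetical, and it assumes the original file name is kept in front of the appended .bart2.

```python
import os
import sys
from collections import Counter

MARKER = ".bart2"  # extension the article says Bart2 appends


def inventory_bart2(root):
    """Walk root and summarise files carrying the .bart2 extension.

    Read-only: nothing is renamed, opened or deleted.
    """
    by_type = Counter()  # original extension -> number of files
    by_dir = Counter()   # directory -> number of encrypted files
    total_bytes = 0
    # onerror swallows unreadable directories so the walk keeps going
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            # Assumption: the text before .bart2 is the original file name
            original = name[: -len(MARKER)]
            ext = os.path.splitext(original)[1].lower() or "(none)"
            by_type[ext] += 1
            by_dir[dirpath] += 1
            try:
                total_bytes += os.path.getsize(os.path.join(dirpath, name))
            except OSError:
                pass  # file vanished or is unreadable; still counted
    return {"files": sum(by_type.values()), "bytes": total_bytes,
            "by_type": dict(by_type), "by_dir": dict(by_dir)}


if __name__ == "__main__":
    report = inventory_bart2(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{report['files']} encrypted files, {report['bytes']} bytes")
    for ext, n in sorted(report["by_type"].items(), key=lambda kv: -kv[1]):
        print(f"  {ext:10} {n}")
    for d, n in sorted(report["by_dir"].items(), key=lambda kv: -kv[1])[:10]:
        print(f"  {n:6} {d}")
```

The per-type and per-directory counts show which backups need to be restored first and whether network shares or removable drives mounted at the time were also affected.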

Author : Gergana Ivanova

Gergana Ivanova is a computer security enthusiast who enjoys presenting the latest issues related to cyber security.
