SANS ISC: Internet Storm Center


Bart - a new Ransomware

Published: 2016-06-26
Last Updated: 2016-06-26 17:27:07 UTC
by Rick Wanner (Version: 3)
7 comment(s)

Phishme is reporting the discovery of a new ransomware which its creators have named Bart. Bart shares several commonalities with the Locky ransomware: it is delivered by the same downloader, RockLoader, and its payment site bears a striking resemblance to the Locky page.

But Bart also deviates from Locky in other ways. The ransom is much higher, 3 Bitcoins, approximately $2000. Probably the most striking difference is that, unlike most ransomware variants, Bart does not require a command and control server to carry out the encryption, and in fact appears to have no command and control capability at all. Bart does not use the public-private key or symmetric encryption schemes that have become common in ransomware. Instead it stores the encrypted files in password-protected zip files, and relies on a victim id and a Tor-based payment website to facilitate decryption.
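Because Bart needs no command and control traffic and leaves the victim's data inside password-protected zip archives, the encryption phase gives network monitoring nothing to catch; a host-side sweep for encrypted zip archives is one way to detect the result. The following is an added example, not code from the diary or from Phishme's analysis: bit 0 of the zip general-purpose flag marks an encrypted entry and can be read without the password, and `make_sample_archive` builds constructed test archives (the standard library cannot write encrypted ones), with `report.docx` as a made-up file name.

```python
import io
import os
import zipfile


def make_sample_archive(encrypted: bool) -> bytes:
    """Constructed sample: a one-entry zip, optionally marked as encrypted.

    zipfile cannot write password-protected archives, so we write a plain one
    and set bit 0 of the general-purpose flag in the local file header
    (signature 0x04034b50, flag at offset 6) and in the central directory
    entry (signature 0x02014b50, flag at offset 8). Only the header is patched.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.docx", b"constructed sample content")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[data.index(b"PK\x03\x04") + 6] |= 0x01
        data[data.index(b"PK\x01\x02") + 8] |= 0x01
    return bytes(data)


def zip_is_password_protected(source) -> bool:
    """True if any entry has the encryption bit set in its flag word.

    `source` is a path or file-like object. Parsing the central directory
    needs no password, so the check works on archives we cannot open.
    Unreadable or non-zip input is reported as not protected.
    """
    try:
        with zipfile.ZipFile(source) as zf:
            return any(info.flag_bits & 0x01 for info in zf.infolist())
    except (zipfile.BadZipFile, OSError):
        return False


def check_bytes(data: bytes) -> bool:
    """Same check for an in-memory archive."""
    return zip_is_password_protected(io.BytesIO(data))


def scan_tree(root: str) -> dict:
    """Walk `root` and bucket .zip files by whether their entries are encrypted."""
    found = {"encrypted": [], "plain": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".zip"):
                path = os.path.join(dirpath, name)
                key = "encrypted" if zip_is_password_protected(path) else "plain"
                found[key].append(path)
    return found
```

A sudden spike in the `encrypted` bucket on user document shares is the signal worth alerting on; legitimate password-protected archives exist, so the count and its rate of growth matter more than any single hit.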

Unfortunately, no decrypter is yet available.

More information on Bart can be found at the Phishme website.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - - Twitter:namedeplume (Protected)

Keywords: ransomware