April 10, 2017
Free tools for unlocking Bart, Merry X-Mas, and other types of ransomware have been released as part of the No More Ransom initiative.
Bart ransomware has been troubling victims since July last year.
Victims of the Bart ransomware, which is capable of encrypting victims' files even when they don't have an internet connection, can now recover their lost data for free.
The tool is a direct result of a collaboration between security firms, Europol and the police as part of the No More Ransom initiative by Europol's European Cybercrime Centre, which today released 15 new decryption tools for various types of ransomware.
First spotted in July last year, Bart is different to other ransomware families in that it can encrypt the victim's files even if they aren't connected to the internet. This is because it doesn't require a command-and-control server connection prior to encrypting files -- it merely locks files in password-protected ZIP folders.
However, the decryption process does require the victim to be connected to the internet, so that the attackers can access the command-and-control server required to transfer the Bitcoin ransom paid by the victim, and decrypt their files.
Ultimately, this ransomware shows how cybercriminals can successfully extort payments from victims, even if the encryption method is very basic.
Although simplistic, Bart has been very successful at extracting payments from victims. But now security researchers at Bitdefender have released a free decryptor tool that combats all forms of Bart ransomware.
The Bart decryption tool from Bitdefender.
As well as tools for decrypting Bart, No More Ransom has released tools for unlocking Merry X-Mas, Popcorn, and other ransomware variants, allowing more victims to retrieve their files without paying the criminals.
Launched in July last year, the No More Ransom portal provides keys to unlocking files held hostage by various types of ransomware, as well as information on how to avoid getting infected in the first place.
The scheme has grown since it first launched, with over 90 public sector and private sector partners now onboard, offering dozens of decryption tools for ransomware variants.
Available in 14 languages, the scheme has helped over 10,000 people decrypt devices locked by the likes of MarsJoke, Teslacrypt, and Wildfire without needing to pay criminals for the privilege.
While initiatives like No More Ransom are helping victims, ransomware is still booming -- thanks in part to the likelihood that organisations will accede to ransom demands: one-third of businesses paid hackers to regain access to their lost data in the last 12 months alone. That willingness to give in and pay ransoms led to cybercriminals raking in $1bn from ransomware during last year.
Ransomware has become one of the biggest menaces on the web: this ZDNet guide contains everything you need to know about it: how it started, why it's booming, how to protect against it, and what to do if your PC suffers an attack.