Troublemaking Bart ransomware follows in Dridex and Locky's footsteps
Aye, caramba! An emerging ransomware named Bart appears to be the latest troublesome creation from the actors behind Locky and Dridex.
Don't have a cow, man, but a newly discovered ransomware named Bart doesn't need to connect to a command-and-control server in order to encrypt victims' files. Consequently, even the strictest corporate firewalls, those that block outbound traffic from malware, may be unable to stop Bart from rendering a PC unusable.
In a recent blog post, Proofpoint identifies Bart as the latest creation from the adversaries behind Dridex and Locky, an interesting observation in light of reports that a major botnet campaign featuring these two malware programs was discontinued this month.
Although its code is quite different, Bart shares similarities with its forebears, including its email-based distribution method, its ransom message and payment portal, and its use of the RockLoader dropper to download the payload over HTTPS. In lieu of connecting to a C&C server, the malware likely passes data about an infected machine to the payment server in the URL's “id” parameter, Proofpoint continues.