
Troublemaking Bart ransomware follows in Dridex and Locky’s footsteps

Don't have a cow, man, but a newly discovered ransomware named Bart doesn't need to connect with a command-and-control server in order to encrypt victims' files. Consequently, even the strongest corporate firewalls that block malware from sending outgoing traffic may be unable to stop Bart from rendering a PC ineffective.

In a recent blog post, Proofpoint identifies Bart as the latest creation from the adversaries behind Dridex and Locky, an interesting observation in light of reports that a major botnet campaign featuring these two malware programs was discontinued this month.

Although its coding is quite different, Bart shares similarities with its forebears, including its email-based distribution method, ransom message and payment portal, and use of the RockLoader dropper to download over HTTPS. In lieu of connecting with a C&C server, the malware likely passes data about an infected machine to the payment server in the URL “id” parameter, Proofpoint continues.

Proofpoint cited a June campaign in which recipients received spam messages with malicious .zip attachments containing JavaScript code. The campaign appears to primarily target U.S. users, although the malware can communicate in five languages – English, French, German, Italian and Spanish. It will not activate if a user's system language is Russian, Ukrainian or Belorussian.
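
A mail-gateway check for the delivery pattern described above (ZIP attachments carrying JavaScript), as an added example that is not from Proofpoint or this article. The function names, extension list and size limits are assumptions, and the sample message is constructed.

```python
import io
import zipfile
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

SCRIPT_EXTS = (".js", ".jse")   # assumption: extensions treated as JavaScript
MAX_DEPTH = 2                   # assumption: nested archives to open
MAX_INNER = 10 * 1024 * 1024    # assumption: size cap for nested archives

def script_members(data, depth=0):
    """List JavaScript files inside ZIP bytes, following nested ZIPs."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                low = info.filename.lower()
                if low.endswith(SCRIPT_EXTS):
                    hits.append(info.filename)
                elif (low.endswith(".zip") and depth < MAX_DEPTH
                      and info.file_size <= MAX_INNER):
                    inner = script_members(zf.read(info), depth + 1)
                    hits += [f"{info.filename}/{n}" for n in inner]
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError, zlib.error):
        pass  # not a ZIP, or encrypted/unsupported/corrupt: nothing to list
    return hits

def flag_message(raw):
    """Map each attachment's filename to the JavaScript files found in it."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        # Inspect the bytes themselves; the declared type or name may be wrong.
        payload = part.get_payload(decode=True) or b""
        hits = script_members(payload)
        if hits:
            findings[part.get_filename() or "(unnamed)"] = hits
    return findings

def build_sample():
    """Constructed message: a ZIP attachment holding one placeholder .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", "// constructed placeholder")
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="scan.zip")
    return msg.as_bytes()
```

Encrypted or unreadable archives return no findings here, so a gateway would need a separate policy for attachments it cannot open.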

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
