Bitdefender has created a free Bart ransomware decryptor that permits victims to unlock their files without meeting a ransom demand.

Bart Ransomware was first discovered in June 2016. The ransomware variant stood out from the others due to its ability to encrypt files even without an Internet connection. Most ransomware variants rely on a link to their command and control server to generate public-private key pairs; however, Bart ransomware does not. Only the decryption process needs an Internet connection to transfer the ransom payment and get the decryption key.

Bart ransomware posed a major threat to corporate users. Command and control center communications could possibly be prevented by firewalls preventing encryption of files. However, without any C&C contact, corporate users were in danger.

Bart ransomware was thought to have been developed by the gang behind Locky and the Dridex banking Trojan. Bart ransomware shared a large portion of code with Locky, was distributed in the same manner and used a ransom message very similar to that implemented by Locky.

As with Locky, Bart ransomware encrypted a wide variety of file types. While early versions of the ransomware variant were fairly uncomplicated, later versions saw flaws addressed. Early versions of the ransomware variant prevented access to files by locking them in password-protected zip files.

The initial method of locking files was ‘cracked’ by AVG, although only by guessing the password using brute force tactics. In order for the brute force method to work, a copy of an encrypted file along with its unencrypted original was necessary. In later versions of the ransomware, the use of zip files was ended and AVG’s decryption technique was rendered ineffective. The encryption process used in the more recent versions was much stronger and the ransomware had no known weaknesses.

Until Bitdefender developed the most recent Bart Ransomware decryptor, victims had two choices – recover encrypted files from backups or pay the attackers’ ransom demand.

Luckily, Bitdefender was able to create a Bart Ransomware decryptor from keys supplied by Romanian police which were obtained during a criminal review. The Bart ransomware decryptor was created by Bitdefender after working with both the Romanian police and Europol.

From April 4, 2017, the Bart ransomware decryptor has been made available for free installation from the No More Ransom website. If your files have been encrypted by ransomware, it is possible to see if the culprit is Bart from the extension added to encrypted files. Bart uses the .bart, .perl, or bart.zip extensions.

Bart ransomware may be thought to have links to Locky, although there is no indication that keys have been obtained that will permit a Locky ransomware decryptor to be created. The best form of security against attacks is blocking spam emails to stop infection and ensuring backups of all sensitive data have been put in place.