Free Decrypter Available for Bart Ransomware

  • Thread starter
  • Admin
  • #1


Malware Removal Specialist - Administrator
Victims can now recover their files for free

Almost a month after security researchers first spotted the Bart ransomware, Jakub Kroustek, a security researcher for AVG, has created a free decrypter for recovering files locked by the Bart ransomware.

In the crowded space of today's ransomware landscape, Bart stands apart from the competition for two reasons.

First, the ransomware is distributed via one of the largest malware-spreading botnets in the world, the same network that spreads the Dridex banking trojan and the Locky ransomware.

Secondly, Bart does not use encryption to lock your data, but merely takes all your files and places them inside a password-protected ZIP archive, deleting the originals.

Kroustek discovered that Bart does not use different passwords for all files, but one and the same.
The researcher was able to put together a free decrypter, which victims can use to recover their locked files.

How to decrypt files locked by the Bart ransomware

Step 1: To use the decrypter, you must first download it from AVG's website.
Once you downloaded the decrypter, just double-click it and launch it into execution.

Step 2: Select the hard drive locations where Bart has locked your files in password-protected ZIP files.

Step 3: Identify two versions of the same file to compare.
One must be the one locked by Bart while the other must be the original of the same file.

This should be pretty easy since Bart does not rename files, but only appends the file extension at the end.

To find an original file, either use one from your Dropbox account, a file you received via email, or you stored on another computer or portable flash drives.

Step 4: Give the decrypter time to compare the two files and identify the ZIP file's password.
After this, the decryption process is a point-and-click experience.
If you need more help, AVG also has a tutorial available.