Antivirus vendor Bitdefender obtained the Bart decryption keys from the Romanian police Users who have had their files encrypted by any version of the Bart ransomware program are in luck: Antivirus vendor Bitdefender has just released a free decryption tool.The Bart ransomware appeared back in June and stood out because it locked victims’ files inside ZIP archives encrypted with AES (Advanced Encryption Standard). Unlike other ransomware programs that used RSA public-key cryptography and relied on a command-and-control server to generate key pairs, Bart was able to encrypt files even in the absence of an internet connection.The original implementation of Bart did have some weaknesses and security researchers from antivirus firm AVG, which is now part of Avast, created a tool that could guess the password for the ransomware’s archives using brute-force methods. The decryptor required the user to have at least one unaffected copy of a file that had been encrypted.In later versions, the Bart developers changed their crypto implementation, rendering the AVG decryptor ineffective. According to Catalin Cosoi, chief security strategist at Bitdefender, the encryption used by the latest Bart variants is strong and has no obvious flaws. Despite that, Bitdefender was able to create a decryption tool after the Romanian police provided them with the necessary keys, which were probably obtained during an investigation. The company credits collaboration with the Romanian Police and Europol for its success in creating the tool.The tool was published on NoMoreRansom.org, a support website for ransomware victims that’s maintained by a coalition of security vendors and law enforcement agencies. The website has prevention advice as well as a set of decryption tools that work for various strains of ransomware. Some researchers believe Bart to be related to another widespread ransomware program, called Locky, that has affected many organizations in 2016. Files affected by this program have the .bart.zip, .bart and .perl extensions.As always, having a backup plan in place is the best approach to deal with potential ransomware infections, rather than hoping for a free decryption tool that might or might not work for the particular variant that ends up affecting your files.In the absence of backups, security experts advise against paying ransom because it encourages cybercriminals and doesn’t always result in file recovery. The affected files should be saved though in case a solution to recover them is found at a later date. Related content news Gitlab fixes bug that exploited internal policies to trigger hostile pipelines It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies. By Shweta Sharma Sep 21, 2023 3 mins Vulnerabilities Security feature Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report CISA’s recommendations for vendors, developers, and end-users promote a more secure software ecosystem. By Chris Hughes Sep 21, 2023 8 mins Zero Trust Threat and Vulnerability Management Security Practices news Insider risks are getting increasingly costly The cost of cybersecurity threats caused by organization insiders rose over the course of 2023, according to a new report from the Ponemon Institute and DTEX Systems. By Jon Gold Sep 20, 2023 3 mins Budget Data and Information Security news US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks Cyber insurance claims frequency increased by 12% in the first half of 2023 while claims severity increased by 42% with an average loss amount of more than $115,000. By Michael Hill Sep 20, 2023 3 mins Insurance Industry Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe