Computers on Focus - Online Security Guide

12:00 am
19 April 2024

Remove .perl File Locky Virus and Restore Encrypted Files


Jakub Kroustek, a malware researcher at Avast, has come across a fairly new ransomware infection based on the Locky ransomware viruses. The infection uses the .perl file extension, which it appends to files that have been encrypted with a strong cipher. Since the virus is very similar to the notorious Locky ransomware and is an evolved variant of Bart ransomware, users should be aware that it is likely going to be spread massively on a global scale. Anyone who has been infected by the Bart ransomware virus is strongly advised to read this article and learn what type of virus this is, what it does to your files and how to deal with it.


More Information about .perl Bart Virus

The previous versions of the Bart virus demanded the insane amount of 3 BTC to unlock encrypted files, and there was even a ransomware variant that used the .bart.zip extension, which is also an archive with a unique password, suggesting the virus is supported and distributed by different people than the original Locky ransomware.

This version of Bart now uses the unique .perl file extension and may have some improvements in the way the virus is managed. It may be spread via several different files, which may be of the .hta or .wsf type. These malicious HTML- or JavaScript-type files may pretend to be:

  • Photo.
  • Adobe PDF Document.
  • Microsoft Office Document.
  • Another legitimate file.

As soon as users open the files, the infection process starts. The .perl variant of Bart ransomware may connect to a remote host, one of the many belonging to the Bart network, and download the malicious payload while at the same time notifying the cyber-crooks that an infection is commencing.

The malicious payload of Bart ransomware may consist of .exe, .dll, .cmd, .bin or .bat type of files and they may be located in one of the below-mentioned critical Windows directories:

  • %Roaming%
  • %Local%
  • %Temp%
  • %AppData%

When the virus file responsible for the encryption itself has been activated it may immediately begin encrypting files. Bart ransomware may be programmed to encrypt a wide variety of file types, such as the ones below, discovered by researchers at ProofPoint.com:

.123, .3dm, .3ds, .3g2, .3gp, .602, .aes, .arc, .asc, .asf, .asm, .asp, .avi, .bak, .bat, .bmp, .brd, .cgm, .cmd, .cpp, .crt, .csr, .csv, .dbf, .dch, .dif, .dip, .djv, .djvu, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .fla, .flv, .frm, .gif, .gpg, .hwp, .ibd, .jar, .java, .jpeg, .jpg, .key, .lay, .lay6, .ldf, .m3u, .m4u, .max, .mdb, .mdf, .mid, .mkv, .mov, .mp3, .mp4, .mpeg, .mpg, .ms11, .myf, .myi, .nef, .odb, .odg, .odp, .ods, .odt, .otg, .otp, .ots, .ott, .p12, .paq, .pas, .pdf, .pem, .php, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .psd, .rar, .raw, .rtf, .sch, .sldm, .sldx, .slk, .stc, .std, .sti, .stw, .svg, .swf, .sxc, .sxd, .sxi, .sxm, .sxw, .tar, .tbk, .tgz, .tif, .tiff, .txt, .uop, .uot, .vbs, .vdi, .vmdk, .vmx, .vob, .wav, .wb2, .wk1, .wks, .wma, .wmv, .xlc, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .zip

As soon as the .perl Bart virus detects files matching its pre-configured list of file extensions, it gets right down to business. Unlike the .shit or .thor Locky ransomware variants, the Bart ransomware virus does not change the names of the encrypted files. Instead, it simply adds the .perl file extension to them, for example:

  • Picture.jpg.perl

This is a strong sign that the .perl version of the Bart ransomware may be based on older Locky variants and may be operated by another crew. However, all of the Locky versions remain undecryptable up to this point, so it is not yet clear whether a free decryption tool will be released soon. In the meantime, malware researchers strongly advise against paying any ransom to the cyber-criminals behind the virus and recommend focusing on removing the virus yourself with an advanced anti-malware program while seeking alternative methods to restore the files. One of those alternative methods may be to use advanced data recovery software or decryptors for other viruses, but bear in mind that this procedure may break the files indefinitely, which is why you should make several copies of them first.
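Because this variant keeps the original file name and only appends .perl, affected files can be inventoried and copied aside before any recovery attempt. The following is an added example, not part of the original article: the function names and the backup layout are assumptions, and the extension set is a subset of the list above.

```python
import shutil
from pathlib import Path

# Subset of the targeted extensions listed above; extend with the full list.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".jpg",
            ".jpeg", ".png", ".txt", ".zip", ".rar", ".csv", ".mp3", ".mp4"}
MARKER = ".perl"  # extension this Bart variant appends


def original_name(path: Path):
    """Return the pre-encryption file name, or None if the file does not match."""
    if path.suffix.lower() != MARKER:
        return None
    inner = Path(path.stem)  # "Picture.jpg.perl" -> "Picture.jpg"
    # A plain "script.perl" (legitimate Perl source) has no inner extension.
    if inner.suffix.lower() not in TARGETED:
        return None
    return inner.name


def find_encrypted(root: Path):
    """List (path, original name) for every matching file under root."""
    hits = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            name = original_name(p)
            if name:
                hits.append((p, name))
    return hits


def backup(hits, root: Path, dest: Path):
    """Copy matched files to dest, keeping relative paths; originals stay untouched."""
    copied = []
    for src, _ in hits:
        target = dest / src.relative_to(root)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)
        copied.append(target)
    return copied


if __name__ == "__main__":
    import sys
    root, dest = Path(sys.argv[1]), Path(sys.argv[2])
    found = find_encrypted(root)
    for path, name in found:
        print(f"{path}  (was: {name})")
    print(f"{len(backup(found, root, dest))} file(s) copied to {dest}")
```

Run it with the folder to scan and a backup folder on a separate drive as arguments, and try recovery tools only on the copies.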
