Security Alerts & News
by Tymoteusz A. Góral

#1029 Bart ransomware shows it can be effective without sophisticated encryption
Most ransomware programs encrypt files with a locally generated AES (Advanced Encryption Standard) key, which is then itself encrypted with a public RSA key that's part of a public-private key pair. The private key, which is needed for decryption, is sent to a command-and-control server operated by attackers and deleted from the local computer.

Bart does not use public key cryptography like RSA. It scans for files with certain extensions -- music, photos, videos, archives, documents, databases and more -- and then locks them in password-protected ZIP archives using the naming format: original_name.extension.bart.zip.

The ZIP format supports AES encryption natively, so Bart's creators didn't need to implement AES themselves, a task that is prone to errors. This doesn't mean Bart is flawless, but, at least for now, there's no known way to recover the affected files.

Because it doesn't use public-private key pairs, the new ransomware program doesn't need a command-and-control server either, significantly reducing the costs of development for its creators.

The attackers use only a Tor-hosted payment gateway where victims can submit their malware-generated unique ID, pay the ransom in bitcoin and receive a decryptor. The ransom amount is 3 bitcoins, or around US$1,920, which is high, especially if the victim is not a company.
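
A defender-side triage check for the pattern described above, as an added example that is not part of the original article: it walks a directory for files named in the reported original_name.extension.bart.zip format and confirms from the ZIP central directory that their entries are flagged as encrypted. The function names and the sample archive are constructed for illustration; the sample only has the encryption flag bit set and holds no real ciphertext.

```python
import io
import sys
import zipfile
from pathlib import Path

SUFFIX = ".bart.zip"   # naming format reported in the article
ENCRYPTED = 0x1        # ZIP general-purpose flag bit 0: entry is encrypted
WINZIP_AES = 99        # compression method number that marks WinZip AES entries


def inspect_archive(name, source):
    """Return a finding for a *.bart.zip file with encrypted entries, else None.

    `source` is a path or a binary file object. Only the central directory
    is read, so no password is needed and nothing is extracted.
    """
    if not name.lower().endswith(SUFFIX):
        return None
    try:
        with zipfile.ZipFile(source) as zf:
            entries = zf.infolist()
    except (zipfile.BadZipFile, OSError):
        return None  # renamed or unreadable file, not a real ZIP
    locked = [e for e in entries if e.flag_bits & ENCRYPTED]
    if not locked:
        return None  # matches the name but is an ordinary, unprotected ZIP
    return {
        "archive": name,
        "original": name[: -len(SUFFIX)],  # file name before it was wrapped
        "encrypted_entries": len(locked),
        "aes": any(e.compress_type == WINZIP_AES for e in locked),
    }


def scan(root):
    """Walk `root` and return findings for every matching archive."""
    paths = (p for p in Path(root).rglob("*" + SUFFIX) if p.is_file())
    return [f for f in (inspect_archive(p.name, p) for p in paths) if f]


def constructed_sample(encrypted):
    """Build a tiny in-memory ZIP (constructed test data, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.docx", b"constructed sample")
    raw = bytearray(buf.getvalue())
    if encrypted:
        cd = raw.find(b"PK\x01\x02")  # central directory file header
        raw[cd + 8] |= ENCRYPTED      # low byte of its general-purpose flags
    return io.BytesIO(bytes(raw))


if __name__ == "__main__":
    for finding in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

The list of `original` names gives the set of files to restore from backup.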