Proofpoint researchers discovered a new strain of ransomware called "Bart" - no kidding.
and the desktop background is replaced with the recover.bmp file:
Ransom is currently sitting at 3 bitcoins (just under $2000), no free decryption is available. The payment portal is nearly identical to Locky's but has a very unique ransomware code.
While we are still investigating the technical details of this new ransomware, the connections between Bart and Dridex/Locky are significant. Because Bart does not require communication with C&C infrastructure prior to encrypting files, however, Bart may be able to encrypt PCs behind corporate firewalls that would otherwise block such traffic. Thus, organizations need to ensure that Bart is blocked at the email gateway using rules that block zipped executables. We will continue to monitor and analyze Bart as additional campaigns and details emerge.
Since phishing has risen to the #1 malware infection vector, and attacks are getting through your filters too often, getting your users effective security awareness training which includes frequent simulated phishing attacks is a must.
For instance, KnowBe4's integrated training and phishing platform allows you to send attachments with Word Docs with macros in them, so you can see which users open the attachments and then enable macros!
See it for yourself and get a live, one-on-one demo.
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: