D'oh... Locky and Dridex authors return with latest warez

Many will remember the Simpsons episode where Homer was kidnapped in Brazil resulting in the family having to pay 50,000 dollars for his release.

The latest Simpsons namesake associated with a ransom has shifted now to everyone's favourite mischievous cartoon scamp, Bart.

As harmless and risible as the high-jinks that make him famous may be, such as crank calls to the long-suffering tavern owner Moe, with notable classics including:

Moe: Hello, Moe's Tavern. Birthplace of the Rob Roy.

Bart: Is Seymour there? Last name Butz.

Moe: Just a sec. Hey, is there a Butz here? A Seymour Butz? Hey, everybody, I wanna Seymour Butz!

(realizes) Wait a minute... Listen, you little scum-sucking pus-bucket! When I get my hands on you, I'm gonna pull out your eyeballs with a corkscrew!

Bart ransomware however offers no such diversion.

Victims, instead of being tricked into the ruse of committing an infantile faux-pas, are informed of their compromise and offered the alternative of paying 3 bitcoins (at time of writing equating to around 1425 Pounds Sterling or 1900 US Dollars) to restore their files.

This particular ransomware was first discovered a few days ago by security vendor Phishme.

It differs greatly in operation from previous malware from presumably the same authors, notably in its lack of reliance on Command and Control servers, thus reducing the required investment and complexity on the attackers' side.

Similar to Locky and Dridex, the tool employs rogue JavaScript disseminated via ZIP attachments within emails, often with permutations of the names photos.zip, pictures.zip or image.zip.

The ransom note, which displays itself as the desktop's background, is localised for English, Spanish, French, German and Italian. Interestingly, if the user's language pack is detected as Russian, Ukrainian or Belorussian, the user's files aren't encrypted.

Instead of employing the typical C2 key-pair procedure, where the key for the encrypted files is sent to the attackers' command servers and only released after payment of the ransom, Bart operates by placing the victims' files in password-protected ZIPs.

The method of operation and the increased price of the ransom show a worrying change in direction from the authors of these already difficult and potentially crippling digital infections.

The cost of operations and complexity have reduced on the attackers' side, which arguably will see a rise in the volume of these attacks as the tools become accessible to a larger number of malicious players.

The hardest hit in this latest wave won't be the organisations who can respond quickly to these threats, employ an adequate backup system for restore in the event of compromise and have the ability to filter the included attachment names at the perimeter, but instead the security-naive end users on their home machines.
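The perimeter filtering mentioned above, applied to the ZIP lure names and embedded JavaScript described earlier, as an added example that is not from the original post or from PhishMe. The lure-name pattern, the script extension list and the block/review/allow policy are assumptions; the sample attachments are constructed placeholders, not real malware.

```python
import io
import re
import zipfile

# Lure archive names from the post (photos.zip, pictures.zip, image.zip) plus
# simple permutations such as "photos_02.zip" or "Pictures (1).zip".
# The pattern itself is an assumption, not taken from any published sample.
LURE_NAME = re.compile(r"^(photos?|pictures?|images?)(?![a-z]).*\.zip$", re.I)

# Script types Windows Script Host runs on double-click. The post names
# JavaScript (.js); .jse is the encoded JScript variant, added here.
SCRIPT_EXTS = (".js", ".jse")


def classify(filename: str, data: bytes) -> str:
    """Return 'block', 'review' or 'allow' for one ZIP attachment.

    A script member anywhere in the archive is what actually starts the
    infection chain, so that alone is enough to block. An archive that
    cannot be opened is blocked too: a filter should not pass what it
    cannot inspect. A lure-like name with harmless contents only goes to review.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            scripts = [m for m in zf.namelist() if m.lower().endswith(SCRIPT_EXTS)]
    except zipfile.BadZipFile:
        return "block"
    if scripts:
        return "block"
    return "review" if LURE_NAME.match(filename) else "allow"


def make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP; used only to construct sample attachments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments (no real malware): a lure name carrying a
# placeholder .js, a genuine holiday archive, and a corrupt file.
SAMPLES = {
    "photos_02.zip": make_zip({"photos_02.js": b"// placeholder, not malware"}),
    "holiday.zip": make_zip({"IMG_0001.jpg": b"\xff\xd8\xff"}),
    "image.zip": b"not a zip archive",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {classify(name, blob)}")
```

Standard ZIP encryption leaves member names readable, so the listing check still works on password-protected archives; nested ZIPs would need the same check applied recursively.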

Given that the targeted file extensions within this ransomware include many common formats such as .jpg, .mp3, .mov, .docx and .xlsx amongst others, there's probably never been a better time for everyone to back up personal files and folders, update the antivirus and be suspicious of innocent-sounding callers requesting a call-out for gag names in your local bar.