Researchers release free decryption tools for PowerWare and Bart ransomware
Security researchers have released tools this week that could help users recover files encrypted by two relatively new ransomware threats: Bart and PowerWare.
PowerWare, also known as PoshCoder, was first spotted in March, when it was used in attacks against healthcare organizations. It stood out because it was implemented in Windows PowerShell, a scripting environment designed for automating system and application administration tasks.
Researchers from security firm Palo Alto Networks have recently found a new version of this threat that imitates a sophisticated and widespread ransomware program called Locky. It uses the extension .locky for encrypted files and also displays the same ransom note used by the real Locky ransomware.