Bart Ransomware Removal Guide

Do you know what Bart Ransomware is?

Bart Ransomware is a rather unusual malicious program that locks personal files on user’s computer. Most of other ransomware infections encipher data with the AES or RSA encryption algorithms. However, this malicious application does not use such cryptosystems. It appears to be that the malware places each file in its own password-protected ZIP archive. Sadly, no one has found a way to decrypt such data yet. You may think about paying the ransom to unlock your files, but since the asked price is quite large, it is better to consider such option carefully. Before you decide what to do, you should read more about Bart Ransomware and if you want to delete the malware from the system, take a look at the removal guide below.

The malware should be spread with Spam emails that contain a ZIP archive attachment. To be more precise, the attached file could be named as,, and similarly. If you opened such attachment yourself and all data on the computer got locked, there is no doubt that you opened an infected archive. In situations like these, it is better to scan files before opening them. Especially if they come from someone that you are not familiar with. Nevertheless, if your friend or family member was not supposed to send you anything, it is better to take extra precautions as well. Email attachments is a common way to distribute malware, and they often look harmless too.Bart Ransomware Removal GuideBart Ransomware screenshot
Scroll down for full removal instructions

It appears to be that the ZIP archive should contain a few files of different types, and it is enough to open at least one of them to infect the computer. The strange thing is that Bart Ransomware checks the set language on the victim’s computer and if it happens to be Russian, Belorussian, or Ukrainian, the malware does not proceed with the encryption. It could be that the malicious program's creators are from these countries themselves. Bart Ransomware can encrypt different types of data, e.g. mpeg, .vob, .mpg, .wmv, .fla, .swf, .wav, .mp3, .qcow2, .vdi, .vmdk, .vmx, .gpg, .aes, .ARC, .PAQ, .tar.bz2, .tbk, .bak, .tar, .tgz, .gz, .7z, .rar, .zip, .djv, .djvu, .svg, .bmp, .png, .gif, .raw, .cgm, .jpeg, .jpg, .tif, .tiff, .NEF, .psd, .cmd, .bat, .sh, .class, .jar, .java, and other. Mostly, it targets private data which is usually more valuable to the user than program files.

As it was mentioned earlier, each file is placed in its own ZIP archive that could have a unique password as well. After that, Bart Ransomware changes user’s Desktop wallpaper, places recover.bmp and recover.txt files on Desktop, and launches the recover.bmp file. The text on the image says that “all your files are encrypted” and if you want to restore them you have to get a private key. The warning note also provides a few links that should lead users to a website where the ransomware’s creators placed further instructions. They demand to be paid 2 Bitcoins, which might seem like a small amount if you do not know that it is approximate $1279 or €1151 at the moment.

It is your choice if you want to pay the ransom, although we would strongly advise against it. First of all, there are no guarantees that you will get this public key and second of all, there is a chance that the ransomware’s creators do not have it themselves. If you do not want to risk losing such a large sum, you should simply erase what is left of the malware. The instructions below will show you how to remove files that were placed by the malicious program on your Desktop. Bart Ransomware should delete its main file after encryption, but just to be safe, users should check their computers with a legitimate security tool. The infection was created quite recently, and there might be details that researchers have not learned yet. Thus, download a security tool and do a system scan.

Remove Bart Ransomware

  1. Go to your Desktop.
  2. Find two files named as recover.bmp and recover.txt.
  3. Select recover.bmp, press Shift+Delete, and click Yes.
  4. Repeat it with the recover.txt file.

In non-techie terms:

Bart Ransomware is a rather new malicious application, and there still might be some hope that someone could come up with a solution. Therefore, there is no need to despair yet, but it is important that you learn from this experience. If you do not want this to happen again, you should get a trustworthy antimalware tool and do regular system backups. Also, make sure that all email attachments are harmless before you open them or avoid suspicious files.