
Bert ransomware: What you need to know

What is Bert ransomware?

Bert is a recently discovered ransomware strain that encrypts the victim’s files and demands payment for the decryption key.

Why is it called Bert?

I really don’t know. Perhaps the people who created Bert put all their efforts into coding ransomware rather than considering their marketing. Maybe they really like the name “Bert”.

Or maybe one of the hackers who wrote the malware is called Bert?

Well, that is always possible. They did not include their last name, though (or their postal address, so the police could visit them…)

Does Bert also steal data?

I’m afraid it does appear so. There is a leak site on the dark web, accessible via Tor, where the hackers behind the Bert attacks list their victims and enable anyone to download the stolen data.

So if I want my company’s data back, do I need to contact the hackers?

Yes. Unless you have an up-to-date backup of your data, or a free decryptor for Bert is available, your best bet is to contact the hackers who attacked you. In their ransom note, the hackers provide a unique ID that allows you to contact them through the Session messenger app.

Where can I find the ransom note?

The ransom note can be found in the same folders as the encrypted files, and contains a link through which the hackers can be contacted.

Hello, from Bert!

Your network has been hacked and files are encrypted.

We download some important files from your network.

How do I know which files are encrypted by ransomware?

Encrypted files can be easily identified by checking their extension: “.encryptedbybert” is appended to the filename, so, for example, a file originally called 1.jpeg will be renamed to 1.jpeg.encryptedbybert
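To scope an incident using the extension described above, the following Python script is an added example (not code from the article or from any vendor tool). It walks a directory tree, counts files ending in “.encryptedbybert” per folder, recovers the original filenames, and reports the modification-time window of the encrypted files. The function names `triage` and `iso` are hypothetical, and treating modification times as a rough encryption timeline is an assumption.

```python
import os
import sys
import tempfile
from collections import Counter
from datetime import datetime, timezone

BERT_EXT = ".encryptedbybert"  # extension quoted in the article


def triage(root):
    """Summarise files under root that carry the Bert extension."""
    hits, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not name.lower().endswith(BERT_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            hits.append((mtime, path, name[: -len(BERT_EXT)]))
            per_dir[dirpath] += 1
    hits.sort()  # oldest first: assumed to approximate encryption order
    return {
        "count": len(hits),
        "per_dir": dict(per_dir),
        "first_mtime": hits[0][0] if hits else None,
        "last_mtime": hits[-1][0] if hits else None,
        "originals": [orig for _m, _p, orig in hits],
    }


def iso(ts):
    """Format a POSIX timestamp as an ISO 8601 UTC string."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]
    else:
        # Constructed sample tree, used when no path is given.
        root = tempfile.mkdtemp()
        for n in ("1.jpeg" + BERT_EXT, "report.docx" + BERT_EXT, "untouched.txt"):
            open(os.path.join(root, n), "w").close()
    r = triage(root)
    print(f"{r['count']} encrypted file(s) under {root}")
    for d, n in sorted(r["per_dir"].items(), key=lambda kv: -kv[1]):
        print(f"  {n:6d}  {d}")
    if r["count"]:
        print("mtime window (UTC):", iso(r["first_mtime"]), "to", iso(r["last_mtime"]))
```

File timestamps can be altered, so corroborate the reported window against other logs before relying on it.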

Who was hit by Bert ransomware?

In recent weeks, Bert has claimed to have stolen information from organizations around the world, including a ticketing company, a Turkish hospital, an American electronics company, a Malaysian construction company, a Colombian IT solutions business, and a Taiwanese company that produces equipment for semiconductors.

So, no one can assume that they won’t be the next one on the list?

The group’s recent claim is that it has stolen nearly 140 GB of sensitive information from UK-based S5 Agent World, a global enterprise operating in more than 360 ports, providing vessel and cargo services.

According to online news reports, data taken from S5 Agent World includes invoices, email communications, inspection reports, employee COVID-19 vaccination details, passport copies and internal company documents. There is inevitably concern that a hack in the maritime transport sector could lead to freight delays and, if not resolved quickly, to wider supply chain bottlenecks.

How should my business defend itself from attacks like Bert?

Our advice is to follow the same recommendations that apply to protecting your organization from any other type of ransomware. These include:

  • Make secure off-site backups.
  • Run up-to-date security solutions and make sure your computers are protected with the latest security patches against vulnerabilities.
  • Use unique, hard-to-crack passwords to protect sensitive data and accounts, and enable multi-factor authentication.
  • Encrypt sensitive data wherever possible.
  • Reduce the attack surface by disabling functionality that your company doesn’t need.
  • Educate and inform employees about the risks and the methods cybercriminals use to launch attacks and steal data.
  • Require providers and business partners to have strong security as well, to reduce the chances of attackers reaching your company through this route.

Stay safe, guys.


Editor’s note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Ford.
