| ID | X0011 |
| Aliases | None |
| Platforms | Windows |
| Year | 2017 |
| Associated ATT&CK Software | None |
Locky Bart is ransomware. [1]
| Name | Use |
|---|---|
| Process Discovery | Gathers information from the victim's machine to create an encryption key. |
| System Time Discovery | Gathers information from the victim's machine to create an encryption key. |
| Data Encrypted for Impact | Encrypts files for ransom without any connection to the Internet. |
| Executable Code Virtualization | Code virtualization is added to the Locky Bart binary using WPProtect. [1] |
[1] https://blog.malwarebytes.com/threat-analysis/2017/01/locky-bart-ransomware-and-backend-server-analysis/