Perl virus is the new Bart ransomware variant
Perl virus seems to be the third version of Bart ransomware, which follows the most recent one – Bart v2.0 ransomware. Just like its predecessor, it encrypts files with RSA-4096 cipher and adds certain file extensions, in this case – .perl file extensions, and this is where the name of this ransomware comes from. The entire functionality of the new version hardly differs from the second ransomware version, which means that PERL virus can encrypt over 140 different file types. The ransom note it saves on the computer is called recover.txt, and it places a .bmp image file instead of previous desktop wallpaper. The behavior and ransom notes left by this virus remind us of one of the most infamous computer viruses – Locky. This virus asks to use Tor browser to access provided URLs and go to the payment site. As we have entered that site, we saw that it suggests buying Bart Decryptor.
Unfortunately, but it seems that files encrypted by Perl ransomware cannot be decrypted without the unique decryption key. If you have been hit by this crypto-ransomware, you probably know that it demands to pay a ransom in order to get this decryption key, but we strongly recommend you not to do so. .Perl file extension virus might be an upgraded version of Bart, but that does not mean that it is a better version of the virus. Cyber security researchers might be able to find a decryption tool one day, so be patient. Meanwhile, remove Perl ransomware by running a system scan with anti-malware software, for instance, FortectIntego. To recover the encrypted data, use a data backup, or, if you do not have it, follow data recovery instructions presented below this article. For successful Perl removal, use instructions presented below and deactivate the virus first; otherwise, it might not be possible to start the malware removal tool. 
How did you manage to download this virus on to the system?
Perl ransomware spreads in an indirect way. It cannot be downloaded from the Internet freely. Typically, it aways for victims in software bundles, malicious websites or deceptive email attachments. Nowadays, ransomware can hide in a safe-looking PDF, Word or ZIP file, so viruses no longer need to be sent in the form of EXE files. It goes without saying that it is much easier to get your computer infected with ransomware since it can hide in safe-looking files. That is why we always recommend computer users to install reputable anti-malware programs that can prevent malware infiltration. For your safety, do not open emails that come from unknown people and do not enable Macros function in case someone sends you a document that contains a scrambled text.
Ways to remove Perl ransomware
If your PC has been affected by this virus, do not let it stay on the system. Since files cannot be recovered, you should remove Perl virus as soon as possible (of course, unless you plan to pay the ransom). We strongly recommend you not to give your money to cyber criminals, because they might not help you to recover data. Besides, if you have a data backup, you can recover them for free. Just complete Perl removal and then plug in the backup drive into the computer.
Was this guide helpful?
4 comments