Heimdal Security Blog

HardBit Asks Victims to Disclose Insurance Details to Set Ransom Demand

The second version of HardBit ransomware was observed trying to find out the victim's insurance details. The operators' goal was to set the ransom demand at a price that the victim's insurance company could pay.

Who Is HardBit

HardBit is a ransomware strain that targets organizations and demands cryptocurrency payments in order to decrypt the stolen data. It was first observed in October 2022, and the updated version 2.0 appeared by the end of November.

Atypically, HardBit does not have a data leak site and does not use the double extortion tactic. Until now, they have not threatened victims with public exposure of the stolen data. However, the hackers do threaten to steal victim data and leak it if the victims don't pay.

According to researchers, HardBit does not only encrypt the victim’s files. They also attack the overall security system of the host PC by disabling:

HardBit also adds itself to the "Startup" folder to ensure persistence. It deletes the Volume Shadow Copies, so data recovery will be more difficult.

HardBit opens and overwrites the files, instead of making copies and deleting the originals as most ransomware strains do. This speeds up the encryption process somewhat and also makes recovery work harder for the experts.
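The two host behaviours described above, Startup-folder persistence and Volume Shadow Copy deletion, can be correlated in endpoint telemetry. The detection logic below is an added example, not code from the researchers or from Heimdal; the event field names, the utilities matched and the 10-minute window are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Command lines that delete Volume Shadow Copies. Assumption: the article does
# not say which utility HardBit uses; these are the standard Windows tools.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete",
    re.IGNORECASE,
)
# Per-user and all-users Startup folders both end in this path fragment.
STARTUP_DIR = re.compile(r"\\start menu\\programs\\startup\\[^\\]+$", re.IGNORECASE)
WINDOW_SECONDS = 600  # correlation window, an arbitrary value for this example


def detect(events):
    """Return {host: severity}: 'high' when a Startup-folder write and a shadow
    copy deletion occur on one host within the window, else 'medium'."""
    hits = defaultdict(lambda: {"shadow": [], "startup": []})
    for ev in events:
        if ev["type"] == "process_create" and SHADOW_DELETE.search(ev["command_line"]):
            hits[ev["host"]]["shadow"].append(ev["ts"])
        elif ev["type"] == "file_create" and STARTUP_DIR.search(ev["path"]):
            hits[ev["host"]]["startup"].append(ev["ts"])
    verdicts = {}
    for host, seen in hits.items():
        paired = any(abs(s - p) <= WINDOW_SECONDS
                     for s in seen["shadow"] for p in seen["startup"])
        verdicts[host] = "high" if paired else "medium"
    return verdicts


# Constructed sample telemetry (hypothetical field names, not from a real incident).
SAMPLE_EVENTS = [
    {"host": "ws-01", "ts": 1000, "type": "file_create",
     "path": r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"},
    {"host": "ws-01", "ts": 1120, "type": "process_create",
     "command_line": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "ws-02", "ts": 2000, "type": "process_create",
     "command_line": "wmic shadowcopy delete"},
    {"host": "ws-03", "ts": 3000, "type": "process_create",
     "command_line": "vssadmin list shadows"},
    {"host": "ws-03", "ts": 3050, "type": "file_create",
     "path": r"C:\Users\b\Documents\Startup\notes.txt"},
]

if __name__ == "__main__":
    for host, severity in sorted(detect(SAMPLE_EVENTS).items()):
        print(host, severity)
```

Legitimate backup and installer software can trigger either rule on its own, which is why only the paired case is rated high.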

Ransom Negotiation Techniques

After it completes the encryption process, HardBit leaves a ransom note and asks the victim to contact the attackers. Companies that have cybersecurity insurance get a custom set of instructions.

Their note urges them to reveal financial data about their insurance. In the note, the hackers claim the insurance company is the "bad guy" of the story since it refuses to pay a proper ransom. They claim that if they know the insurance amount for sure, they will know how much to ask for.


Of course, victims are also typically contractually barred from disclosing insurance details to the attackers, and doing so risks losing any chance of the insurer covering the damages. This is why the hackers insist that these details be shared privately.


According to researchers, victims should nevertheless refuse to pay the ransom and report the incident to law enforcement. Companies can protect themselves against ransomware attacks if they enforce proper cybersecurity measures.
