The hackers behind the HardBit ransomware attempt to convince their victims to pay a ransom that will be covered by their insurance company.

The attackers tell victims that it is in their interest to disclose all insurance details, so that the ransom demand can be adjusted and the insurer covers all costs.
Unlike most ransomware operations, HardBit does not include a data leak site, although its operators claim to steal victims’ data and threaten to leak it unless a ransom is paid.
The attackers say that if they knew the exact insurance amount, they would know exactly how much to ask for and therefore the insurance would have to cover the claim.
Of course, victims are usually contractually barred from disclosing insurance information to attackers, and those who do so may lose any chance that the insurer will cover the damages. This is why the hackers insist that these details be shared privately.
Refusing to pay the ransom and reporting the incident to law enforcement, along with a consistent backup strategy, are the only ways to combat this type of threat and bring it to an end.
The report by Varonis provides technical details on how HardBit 2.0 works from the initial phase and disabling of security features to achieving persistence and deployment of the encryption routine.
The researchers also shared indicators of compromise (IoCs) that help identify the threat.
Dropped files:
• HARDBIT.jpg – SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
• Help_me_for_Decrypt.hta
• How To Restore Your Files.txt
• README.txt
• hrdb.ico – SHA256: b565a7b25dc4227872fe972ceee9ff8fce91eb10b373ebc9401f4f32348244ef
HardBit 2.0 samples (for research purposes; new payloads will likely have different cryptographic hashes) are identified in the report by their SHA256 hashes.
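A host sweep built on the dropped-file indicators listed above, as an added example that is not code from the Varonis report or from the article. The function names, the treatment of README.txt as a weak indicator and the test tree are assumptions. The SHA256 listed for HARDBIT.jpg is filtered out of hash matching because that value is the digest of zero-length input.

```python
import hashlib
import os
import tempfile

# Dropped-file names from the IoC list above, lower-cased for matching.
STRONG = {"hardbit.jpg", "help_me_for_decrypt.hta",
          "how to restore your files.txt", "hrdb.ico"}
WEAK = {"readme.txt"}  # too common to alert on without a strong hit nearby
# SHA256 values listed for HARDBIT.jpg and hrdb.ico. The first equals the
# digest of zero bytes and would hit every empty file, so it is filtered out.
LISTED = {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
          "b565a7b25dc4227872fe972ceee9ff8fce91eb10b373ebc9401f4f32348244ef"}
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def sweep(root):
    """Map each directory holding a strong indicator to its sorted findings."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        strong, weak = [], []
        for name in files:
            if name.lower() in STRONG:
                strong.append("name:" + name)
            elif name.lower() in WEAK:
                weak.append("weak-name:" + name)
            try:
                digest = sha256_file(os.path.join(folder, name))
            except OSError:
                continue  # locked or unreadable file; the name check already ran
            if digest in LISTED and digest != EMPTY_SHA256:
                strong.append("sha256:" + name)
        if strong:
            report[os.path.relpath(folder, root)] = sorted(strong + weak)
    return report

def demo():
    """Sweep a constructed tree (made-up files, not real samples)."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("hit/Help_me_for_Decrypt.hta", "hit/README.txt",
                    "hit/empty.log", "clean/README.txt", "clean/empty.log"):
            os.makedirs(os.path.join(root, rel.split("/")[0]), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as handle:
                handle.write(b"" if rel.endswith(".log") else b"constructed")
        return sweep(root)
```

Hashing every file is slow on large volumes; in practice the sweep is pointed at user profile and share directories, and a hash hit under a different file name is the case the name check would miss.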