HardBit Ransomware – Key Aspects to Be Aware Of

What has occurred?

A new variant of the HardBit ransomware has surfaced in the wild. It includes a protection mechanism intended to hinder analysis by security researchers.

HardBit? I think I’ve heard of it before.

Possibly so. HardBit first surfaced towards the end of 2022, swiftly gaining notoriety as it sought to extort ransom payments from businesses whose data it had encrypted.

That doesn’t sound strange. What set HardBit apart?

Indeed. In many respects, HardBit resembles other ransomware. It operates as a ransomware-as-a-service (RaaS) operation offered, for a fee, to other cybercriminals. These attackers break into your IT systems, encrypt your data, and demand a ransom in cryptocurrency. However, unlike several other ransomware groups currently active, HardBit does not seem to maintain a leak site on the dark web.

If they lack a leak site, do they disclose your data?

It seems they do not. Instead, they focus on extorting a ransom for a decryption key to allow affected organizations to retrieve their files. Furthermore, the group threatens to carry out additional attacks on victims if their demands are not met.

So, if they have no visible dark web leak site, how are you supposed to negotiate the ransom?

The ransom note from HardBit instructs victims to establish contact via TOX, an open-source peer-to-peer secure messaging platform.

And in the absence of contact…?

You are unlikely to find a way to decrypt your data, and your company is at risk of further attacks. HardBit also warns that the ransom demand will increase if contact is not made within 48 hours.

Hence, the urgency is apparent…

Indeed. Like many other ransomware syndicates, HardBit clearly means business. The group has underlined this in the past by urging its corporate victims to anonymously disclose the amount and terms of their cybersecurity insurance, arguing that sharing such information would benefit both perpetrators and victims, but not the insurance firms themselves.

You mentioned a new variant of HardBit. Anything notable about it?

Indeed, security researchers have noted that HardBit 4.0 has been designed to be harder for malware analysts to dissect. The latest version of HardBit adds passphrase protection: when the ransomware is executed, a passphrase must be entered correctly for it to run properly. The aim appears to be to make it harder for analysts who do not know the passphrase to examine how the ransomware operates. Additionally, HardBit 4.0 is available in two versions: a command-line version of the ransomware and another version with a user interface. It appears that this choice is offered to make the ransomware more appealing to operators with varying levels of technical skill.

Ransomware intentionally enhancing its appeal to criminals is concerning…

I concur! Refer to our guidelines on safeguarding your organization from potential attacks.
