HardBit ransomware tells corporate victims to share their cyber insurance details

A ransomware outfit is advising its victims to secretly tell them how much insurance they have, so their extortion demands will be met.

As security researchers at Varonis describe, a new strain of the HardBit ransomware has taken the unusual step of asking targeted companies to anonymously spill the beans on whether they have cyber insurance (and the terms of that insurance).

According to part of the ransom note dropped on computers after an attack, sharing insurance details benefits both the victim and the attackers.

…since the sneaky insurance agent purposely negotiates so as not to pay for the insurance claim, only the insurance company wins in this situation. To avoid all this and get the money on the insurance, be sure to inform us anonymously about the availability and terms of insurance coverage, it benefits both you and us, but it does not benefit the insurance company.

HardBit 2.0 claims to steal files from compromised networks, encrypts the data it leaves behind, and demands that a cryptocurrency ransom be paid, dangling the threat that company secrets will be released online.

Whether this threat is genuine or not is up for question, as to date no one seems to have discovered a data leak site operated by the HardBit gang.

However, the cybercriminals behind HardBit 2.0 do also warn that if payment is not made, victims will not only never have access to their files again, but their company will also be attacked again in the future.

Furthermore, if payment is not received or negotiations have not begun within 48 hours, HardBit 2.0 warns that the ransom will be doubled.

So, what’s a company to do if it gets hit by HardBit 2.0?

It can restore from a (hopefully) working, uncompromised backup and replace its encrypted data with uncorrupted versions. The business may cross its fingers that the HardBit attackers won’t release any stolen data in future, and won’t attempt another attack.

Or the corporate victim can make the difficult decision to negotiate with its attackers, in the hope that an agreement can be made.

That is clearly the cybercriminals’ ideal scenario. After all, they don’t win anything by releasing data (other than stoking their image as a ransomware gang that’s not to be trifled with). They probably don’t even want to hack the company again, if they don’t think there is any prospect of extracting a ransom payment in future.

No, the attackers would rather that a simple financial transaction be made, and they can then go on to find their next victim. What they don’t want is a third-party negotiator or insurer lowballing them.

And that’s why part of their ransom note sets out that companies hit by HardBit 2.0 should be prepared to share the details of their cyber insurance:

Very important! For those who have cyber insurance against ransomware attacks. Insurance companies require you to keep your insurance information secret, this is to never pay the maximum amount specified in the contract or to pay nothing at all, disrupting negotiations. The insurance company will try to derail negotiations in any way they can so that they can later argue that you will be denied coverage because your insurance does not cover the ransom amount. For example your company is insured for 10 million dollars, while negotiating with your insurance agent about the ransom he will offer us the lowest possible amount, for example 100 thousand dollars, we will refuse the paltry amount and ask for example the amount of 15 million dollars, the insurance agent will never offer us the top threshold of your insurance of 10 million dollars. He will do anything to derail negotiations and refuse to pay us out completely and leave you alone with your problem. If you told us anonymously that your company was insured for $10 million and other important details regarding insurance coverage, we would not demand more than $10 million in correspondence with the insurance agent. That way you would have avoided a leak and decrypted your information.

The cybercriminals behind HardBit even attempt to quash any pangs of guilt an IT administrator or CISO might be having about sharing details of their insurance:

“Poor multimillionaire insurers will not starve and will not become poorer from the payment of the maximum amount specified in the contract, because everyone knows that the contract is more expensive than money, so let them fulfill the conditions prescribed in your insurance contract, thanks to our interaction,” the ransom note concludes.

Should you pay a ransom if cybercriminals have hit your company? Should you help them extract the maximum amount possible from your insurers?

That’s a question ultimately only you can decide. Better, clearly, to have successfully managed to fend off an attack in the first place so your business is never placed in such a dilemma.



Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
