Researchers at Varonis have detailed the second iteration of the HardBit ransomware, whose operators ask victims to share their cyber insurance details for easy recovery of their data.
Casting insurers as villains, the ransomware group tries to persuade victims to disclose their insurance details so that it can ask for an appropriate ransom amount. It also warns them not to involve any mediators in recovering their data, as that would only make things harder for everyone.
HardBit 2.0 New Policies
For those unfamiliar with it, HardBit is a relatively new ransomware threat group first observed in October 2022. A second version was introduced in November 2022 and is now approaching victims with a new technique to make them pay.
As noted by Varonis, a data security and analytics company, HardBit 2.0 comes with a host of features like process scanning, on-access file protections, and the ability to modify the Registry to disable Windows Defender’s real-time behavioral monitoring.
Further, it terminates 86 processes, establishes persistence by adding itself to the “Startup” folder, and deletes the Volume Shadow copies. One interesting aspect noted by the researchers is that HardBit 2.0 opens the user's files and overwrites their contents with encrypted data, instead of writing the encrypted data to file copies and deleting the originals as other ransomware does.
This makes data recovery much harder, even for experts. When it comes to ransom demands, it doesn’t directly ask for money. Instead, it directs the victim to contact the group via an open-source, encrypted peer-to-peer messaging app.
There, the group asks victims to share their cyber insurance details, if they have any, in order to set an appropriate ransom amount. Painting insurance companies as the bad guys, and saying that insurers never negotiate with ransomware actors with their clients’ interests in mind, HardBit tries to convince victims that they are better off dealing with the group directly.
“To avoid all this and get the money on the insurance, be sure to inform us anonymously about the availability and terms of the insurance coverage, it benefits both you and us, but it does not benefit the insurance company.”
Though this may seem convincing, bear in mind that disclosing your insurance details to others is also a violation of the terms, which may cancel your claim too! Refusing to pay the ransom and reporting the incident to law enforcement is the best course, and maintaining a data backup strategy is always recommended to avoid these situations.
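The following Python example is added here and is not code from Varonis or from the original article. It correlates three of the behaviours described above (Registry changes that disable Defender monitoring, a new file in the Startup folder, and Volume Shadow copy deletion) per host within a short time window. The event format, host names, and the registry and command-line patterns are assumptions for illustration, not HardBit indicators.

```python
import re
from datetime import datetime, timedelta

# Constructed sample telemetry (host, time, event kind, detail); not from a real incident.
EVENTS = [
    ("ws-01", "2023-02-20T10:00:05", "registry",
     r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring=1"),
    ("ws-01", "2023-02-20T10:00:20", "file_create",
     r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc_update.exe"),
    ("ws-01", "2023-02-20T10:01:10", "process", "vssadmin.exe delete shadows /all /quiet"),
    ("ws-02", "2023-02-20T09:00:00", "process", "vssadmin list shadows"),
    ("ws-02", "2023-02-20T09:02:00", "file_create",
     r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote.lnk"),
    ("ws-03", "2023-02-20T08:00:00", "process", "vssadmin delete shadows /for=D: /oldest"),
    ("ws-03", "2023-02-20T14:00:00", "file_create",
     r"C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chat.lnk"),
]

# Behaviour name -> (event kind, pattern). Patterns are assumed common forms, not HardBit IoCs.
RULES = {
    "defender_tamper": ("registry",
        re.compile(r"\\Windows Defender\\.*Disable\w*Monitoring\s*=\s*1$", re.I)),
    "startup_persistence": ("file_create",
        re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.(exe|lnk|bat|hta)$", re.I)),
    "shadow_copy_delete": ("process",
        re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
}

def correlate(events, window=timedelta(minutes=10), threshold=2):
    """Return {host: behaviours} for hosts with >= threshold distinct behaviours inside one window."""
    hits = {}
    for host, ts, kind, detail in events:
        for name, (rule_kind, pattern) in RULES.items():
            if kind == rule_kind and pattern.search(detail):
                hits.setdefault(host, []).append((datetime.fromisoformat(ts), name))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()  # chronological, so each hit can start a forward-looking window
        for i, (start, _) in enumerate(seen):
            names = {n for t, n in seen[i:] if t - start <= window}
            if len(names) >= threshold and len(names) > len(alerts.get(host, [])):
                alerts[host] = sorted(names)
    return alerts

if __name__ == "__main__":
    for host, names in correlate(EVENTS).items():
        print(f"ALERT {host}: {', '.join(names)}")
```

Each of these events is common on its own in normal administration, which is why the example alerts only when two or more distinct behaviours appear on the same host within the window.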