This new ransomware tries to stop victims' recovery by using passphrases
HardBit Ransomware wants to make malware analysis impossible
A new ransomware strain has been discovered with a unique feature that makes analysis by cybersecurity experts more difficult.
The fourth strain of the HardBit Ransomware, HardBit 4.0, introduced passphrase protection: the passphrase must be provided at runtime for the ransomware to execute properly, researchers from Cybereason revealed in a new blog post.
“Additional obfuscation hinders security researchers from analyzing the malware,” the researchers explained.
Creative ransomware
HardBit is a relatively obscure ransomware operation, first spotted in late 2022, but it stands out from the crowd by not having a data leak site and not threatening its victims with sensitive data publication. Instead, it threatens them with future attacks.
Another notable feature of HardBit is that it comes in both CLI and GUI versions. That makes it a viable tool for a wider variety of attackers, depending on their technical skill levels. The researchers said the GUI version is more intuitive about what can be executed and how.
The method for the initial compromise of the victims’ endpoints is unclear at this time, with the researchers speculating that it is most likely done by brute-forcing RDP and SMB services. Once the initial compromise had been made, the attackers would deploy the Neshta dropper, which was seen in the past delivering the Big Head ransomware strain.
HardBit has always been a creative ransomware strain, with unique features. In early 2023, it was reported that the operators tried to encourage the victims to pay the ransom demand by pitting them against their insurance companies. A modified ransom note that came with the HardBit 2.0 encryptor said that if the ransom demand is within the range covered by the insurance company, then that company is obliged to cover the costs of the cyberattack.
Via TheHackerNews
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.