This new ransomware tries to block victims from recovering by using passphrases
A new ransomware variant has been discovered with a unique feature that complicates analysis by cybersecurity experts.
The fourth variant of the HardBit ransomware, HardBit 4.0, introduced passphrase protection: the passphrase must be provided at runtime for the ransomware to execute properly, researchers from Cybereason revealed in a new blog post.
“Additional obfuscation hinders security researchers from analyzing the malware,” the researchers said.
Creative ransomware
HardBit is a relatively obscure ransomware operation, first spotted in late 2022, but it stands out from the crowd in that it doesn’t have a data breach site and doesn’t threaten its victims with the publication of sensitive data. Instead, it threatens them with future attacks.
Another notable feature of HardBit is that it comes in both CLI and GUI versions. This makes it a useful tool for a wider variety of attackers, depending on their technical skills. The researchers said that the GUI version is more intuitive in showing what can be executed and how.
The method for the initial breach of victims' endpoints is unclear at this time, with researchers speculating that it was likely done by brute-forcing RDP and SMB services. After the initial breach, the attackers reportedly deployed the Neshta dropper, which has historically delivered the Big Head ransomware strain.
HardBit has always been a creative ransomware variant, with unique features. In early 2023, it was reported that the operators were trying to encourage victims to pay the ransom by turning them against their insurance companies. A customized ransom note delivered with the HardBit 2.0 encryptor stated that if the ransom falls within the reach of the insurance company, that company is obligated to cover the costs of the cyberattack.
Via TheHackerNews