A new ransomware strain has been discovered with a unique feature that makes analysis by cybersecurity experts more difficult.
The fourth strain of the HardBit Ransomware, HardBit 4.0, introduced passphrase protection, which needs to be provided during the runtime, in order for the ransomware to be executed properly, researchers from Cybereason revealed in a new blog post.
“Additional obfuscation hinders security researchers from analyzing the malware,” the researchers explained.
Creative ransomware
HardBit is a relatively obscure ransomware operation, first spotted in late 2022, but it stands out from the crowd by not having a data leak site and not threatening its victims with sensitive data publication. Instead, it threatens them with future attacks.
Another notable feature of HardBit is that it comes with both CLI and GUI versions. That makes it a viable tool for a wider variety of attackers, depending on their technical skill levels. The researchers said GUI is more intuitive on what and how it can be executed.
The method for the initial compromise of the victims’ endpoints is unclear at the time, with the researchers speculating that it is most likely done by brute-forcing RDP and SMB services. Once the initial compromise had been made, the attackers would deploy the Neshta dropper, which was seen in the past delivering the Big Head ransomware strain.
HardBit has always been a creative ransomware strain, with unique features. In early 2023, it was reported that the operators tried to encourage the victims to pay the ransom demand by – pitting them against their insurance companies. In a modified ransom note that came with the Hardbit 2.0 encryptor, it was said that if the ransom demand is within the range covered by the insurance company, then that company is obliged to cover the costs of the cyberattack.
Via TheHackerNews
+ There are no comments
Add yours