“Noble” extortionists from Hardbit care about the welfare of their victims

The ransomware known as Hardbit has been updated to version 2.0. The attackers now try to negotiate with victims a ransom payment that their insurance company can cover.

According to Varonis, a security and data analytics company, the first version of Hardbit was seen in October 2022. A month later, in November 2022, version 2.0 appeared. It remains the most common version of Hardbit at the moment.

Unlike most other ransomware operations, Hardbit does not have a site where leaked data is published once a timer expires. However, the extortionists claim in their note that the encrypted data has been stolen, and threaten to leak it if the ransom is not paid.

Hardbit 2.0 has some capabilities for weakening security on the victim's system. For example, the malware can modify the Windows registry to interfere with the built-in Microsoft Defender, making it ineffective. The malware also adds itself to Windows startup and deletes all shadow copies created by the system so that the user cannot restore their data.
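The three behaviours above (Defender tampering via the registry, startup persistence, shadow copy deletion) are individually noisy but rarely occur together on one host in a short time. The following is an added example, not code from the original report: a small correlation rule run over constructed events. The registry paths and commands are generic, well-known Windows indicators chosen as assumptions for this sketch, not values taken from a Hardbit sample, and the `correlate` function and event format are hypothetical.

```python
import re
from collections import defaultdict

# Generic, well-known Windows indicators for each behaviour (assumptions for
# this example; the article does not list the exact keys or commands used).
RULES = {
    "defender_tamper": re.compile(
        r"\\SOFTWARE\\(Policies\\)?Microsoft\\Windows Defender\\.*"
        r"(DisableAntiSpyware|DisableRealtimeMonitoring|TamperProtection)", re.I),
    "startup_persistence": re.compile(
        r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\|"
        r"\\Start Menu\\Programs\\Startup\\", re.I),
    "shadow_copy_delete": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete|"
        r"Win32_ShadowCopy.*\bDelete\b", re.I),
}

def correlate(events, window=600, min_behaviours=2):
    """Return {host: sorted behaviours} for hosts showing at least
    min_behaviours distinct behaviours within `window` seconds."""
    hits = defaultdict(list)                      # host -> [(ts, behaviour)]
    for ts, host, detail in events:
        for name, rx in RULES.items():
            if rx.search(detail):
                hits[host].append((ts, name))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):     # slide a window from each hit
            names = {n for t, n in seen[i:] if t - start <= window}
            if len(names) >= min_behaviours:
                alerts[host] = sorted(names)
                break
    return alerts

# Constructed sample events: (epoch seconds, host, registry target or command line)
SAMPLE = [
    (1000, "ws-01", r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = 1"),
    (1030, "ws-01", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater = C:\Users\Public\upd.exe"),
    (1090, "ws-01", "vssadmin.exe delete shadows /all /quiet"),
    (2000, "ws-02", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive = C:\Program Files\OneDrive.exe"),
    (9000, "srv-03", "vssadmin delete shadows /for=C: /oldest"),
    (99000, "srv-03", r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = 1"),
]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

Only `ws-01` is flagged: `ws-02` shows a single benign-looking Run key write, and the two `srv-03` events fall far outside the ten-minute window.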

An interesting feature of the malware is how it handles the data encryption stage. Instead of writing encrypted data to a copy of each file and deleting the original, as many ransomware programs do, Hardbit 2.0 works on the original files, overwriting their contents with encrypted data. This approach greatly complicates recovery of the original files and slightly speeds up encryption.

The Hardbit 2.0 note does not state a specific amount of money that the hackers want in exchange for the decryption key. Victims are given 48 hours to contact the attacker through a secure peer-to-peer messaging application.

Hardbit 2.0 ransom note

For companies that have insurance against cyber attacks, the hackers provide a more detailed set of instructions and urge them to disclose the insured amount for the sake of a successful dialogue. Moreover, the hackers portray insurance companies in the worst light, assuring victims that insurers never negotiate with extortionists and do not take their customers' interests into account.

“In order to avoid all this and get the insurance money, be sure to inform us about the conditions of your insurance coverage. It is beneficial for you and us, but not for the insurance company,” say the Hardbit operators in the note for victims. The attackers assure victims that they will adjust the ransom amount so that the victims of the attack do not pay anything out of their own pocket.

Under the insurance contract, insurance details must not be disclosed to attackers; doing so can lead to the loss of any chance that the insurer will cover the losses. That is why the hackers insist that this data be passed to them anonymously.

However, regardless of the extortionists' assurances, their goal is to get money. Fraudsters can promise anything, but they should not be trusted. Refusing to pay the ransom and reporting the incident to law enforcement agencies are the only true ways to combat this type of threat.
