First identified in October 2022, Hardbit ransomware is out with version 2.0. Unlike most other ransomware operators at this time, the group does not run a data leak website that it can use to threaten to leak victims' data. Upon infection, the malware works to lower the victim's defences by disabling Windows Defender if it is active. The malware also targets 86 processes for termination so that sensitive files they hold open become available for encryption. It establishes persistence by adding itself to the "Startup" folder, and deletes the Volume Shadow Copies to make data recovery more difficult. After infection and encryption, the ransomware drops a note informing the victim of the process for regaining their files. What makes Hardbit unique is that it also asks the victim to share the details of their cybersecurity insurance if they have it. By doing this the group is able to set a ransom payment within the terms of the insurance and improve the likelihood of successfully receiving an extortion payment.
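As an added example that is not part of the original post, the following Python flags the three host-side behaviours the writeup attributes to Hardbit (shadow copy deletion, Startup folder persistence, Defender tampering) in constructed endpoint events and correlates them back to one parent image. The command lines, registry value, event field names and file paths are assumptions; the post does not give them.

```python
import re
from typing import Dict, List, Tuple

# Constructed, simplified endpoint events (not real Hardbit telemetry).
# "parent" is the process responsible for the event; "image" is the binary involved.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"id": "1", "type": "process", "parent": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"id": "2", "type": "file", "parent": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"},
    {"id": "3", "type": "registry", "parent": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware", "value": "1"},
    {"id": "4", "type": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe notes.txt"},
]

# Assumed indicators: the writeup names the actions, not the exact commands,
# so these patterns cover the usual ways each action shows up in telemetry.
SHADOW_DELETE = re.compile(r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
DEFENDER_KEY = re.compile(r"\\Windows Defender\\DisableAntiSpyware$", re.I)


def classify(event: Dict[str, str]) -> List[str]:
    """Return the detection labels matching one event (empty list if benign)."""
    hits: List[str] = []
    if event["type"] == "process" and SHADOW_DELETE.search(event.get("cmdline", "")):
        hits.append("shadow_copy_deletion")
    if event["type"] == "file" and STARTUP_DIR.search(event.get("path", "")):
        hits.append("startup_folder_persistence")
    if event["type"] == "registry" and DEFENDER_KEY.search(event.get("key", "")) and event.get("value") == "1":
        hits.append("defender_tamper")
    return hits


def scan(events: List[Dict[str, str]]) -> Tuple[Dict[str, List[str]], List[str]]:
    """Label every event, then name each parent image behind two or more distinct
    techniques: one binary chaining these actions is the pattern the writeup describes."""
    findings: Dict[str, List[str]] = {}
    by_parent: Dict[str, set] = {}
    for ev in events:
        labels = classify(ev)
        if labels:
            findings[ev["id"]] = labels
            by_parent.setdefault(ev["parent"], set()).update(labels)
    suspects = sorted(p for p, labels in by_parent.items() if len(labels) >= 2)
    return findings, suspects
```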