A ransomware group is asking insured victims for details about their cyber-insurance policy, claiming it will ultimately lower their risk exposure.
Released in November 2022, HardBit 2.0 claims to steal data before encrypting the victim organization's files, but unusually for such a group it has no leak site and does not use "double extortion" as a tactic, according to Varonis.
Instead, the group apparently threatens further attacks if its demands are not met.
"Rather than specifying an amount of bitcoin requested within this ransom note, the group seeks to negotiate with victims to reach a settlement," Varonis explained in a blog post.
"Notably, as part of these negotiations, victims with cyber-insurance policies are also encouraged to share details with HardBit so that their demands can be adjusted to fall within the policy."
In this part of the ransom note, the group seeks to portray the victim's insurer as the enemy, claiming that insurers will always try to negotiate the price down, even if the policy stipulates much higher coverage. The implication is that such haggling could result in the group leaking stolen data or refusing to provide a decryption key.
"Since the sneaky insurance agent purposely negotiates so as not to pay for the insurance claim, only the insurance company wins in this situation," the ransom note reads.
"To avoid all this and get the money on the insurance, be sure to inform us anonymously about the availability and terms of insurance coverage. It benefits both you and us, but it does not benefit the insurance company. Poor millionaire insurers will not starve…"
HardBit victims should be aware that most cyber-insurance policies specifically prohibit sharing such information with ransomware actors, and doing so risks voiding the very coverage the attackers claim to be helping the victim collect.
The malware itself appears to be fairly conventional, performing several pre-encryption steps to leave the victim network unable to recover, such as deleting the Windows backup utility catalog and Volume Shadow Copy Service (VSS) shadow copies. It also disables various Windows Defender features and terminates scores of services linked to data backup/recovery tools and endpoint security solutions, Varonis said.
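Those recovery-inhibition steps are noisy and rarely happen together during legitimate administration, which makes them a useful detection opportunity on their own. The following is an added example written for this page, not code from Varonis or from the HardBit sample: it runs simple precursor rules over constructed process-creation log lines and raises an alert only when several distinct steps cluster on one host within a short window. The log line layout, the specific command lines (wbadmin, vssadmin, Set-MpPreference, net/sc stop) and the service-name hints are assumptions chosen for the example; the article names the steps, not the exact commands HardBit uses.

```python
"""Cluster-based detection of ransomware pre-encryption tampering.

Flags backup-catalog deletion, shadow-copy deletion, Defender feature
tampering and the stopping of backup/EDR services, then alerts when at
least two distinct steps occur on one host inside a ten-minute window.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log layout for this example (a Sysmon event-ID-1 style flattening):
# ISO timestamp, host, user, image path, quoted command line.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) '
    r'image=(?P<image>\S+) cmd="(?P<cmd>.*)"$'
)

# Illustrative fragments of backup and endpoint-protection service names;
# a real deployment would take this list from its own software inventory.
PROTECTED_SERVICE_HINTS = ("veeam", "backup", "acronis", "sophos", "sql", "sense", "windefend")

# (rule name, regex over the lower-cased command line). These command lines
# are common ways to perform each step; they are assumptions, not HardBit's.
RULES = [
    ("backup_catalog_deleted", re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog\b")),
    ("shadow_copies_deleted", re.compile(
        r"\bvssadmin(\.exe)?\s+delete\s+shadows\b|\bwmic(\.exe)?\s+shadowcopy\s+delete\b")),
    ("defender_feature_disabled", re.compile(r"\bset-mppreference\b.*-disable\w+\s+\$?true\b")),
    ("protection_service_stopped", re.compile(
        r'\b(?:net1?|sc(?:\.exe)?)\s+stop\s+"?(?P<svc>[\w$.-]+)')),
]

WINDOW = timedelta(minutes=10)   # how close the steps must be to count as one attack
MIN_DISTINCT_RULES = 2           # lone admin commands never reach this threshold

# Constructed sample telemetry (not real events): FS01 shows the whole
# sequence, WS07 is routine administration, DB02 has two hits hours apart.
SAMPLE_EVENTS = [
    '2023-02-20T10:01:12Z host=FS01 user=CORP\\svc_backup image=C:\\Windows\\System32\\wbadmin.exe cmd="wbadmin delete catalog -quiet"',
    '2023-02-20T10:01:15Z host=FS01 user=CORP\\svc_backup image=C:\\Windows\\System32\\vssadmin.exe cmd="vssadmin delete shadows /all /quiet"',
    '2023-02-20T10:01:40Z host=FS01 user=CORP\\svc_backup image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe cmd="powershell -Command Set-MpPreference -DisableRealtimeMonitoring $true"',
    '2023-02-20T10:02:05Z host=FS01 user=CORP\\svc_backup image=C:\\Windows\\System32\\net.exe cmd="net stop VeeamBackupSvc /y"',
    '2023-02-20T10:03:00Z host=WS07 user=CORP\\jdoe image=C:\\Windows\\System32\\vssadmin.exe cmd="vssadmin list shadows"',
    '2023-02-20T10:03:30Z host=WS07 user=CORP\\jdoe image=C:\\Windows\\System32\\net.exe cmd="net stop spooler"',
    '2023-02-20T08:10:00Z host=DB02 user=CORP\\dbadmin image=C:\\Windows\\System32\\vssadmin.exe cmd="vssadmin delete shadows /for=D: /oldest"',
    '2023-02-20T10:20:00Z host=DB02 user=CORP\\dbadmin image=C:\\Windows\\System32\\sc.exe cmd="sc stop MSSQLSERVER"',
]


def parse_event(line):
    """Parse one log line into a dict, or return None for unparseable input."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def match_rules(cmd):
    """Return the set of precursor rule names a command line triggers."""
    lowered = cmd.lower()
    hits = set()
    for name, rx in RULES:
        m = rx.search(lowered)
        if not m:
            continue
        if name == "protection_service_stopped":
            # Stopping an unrelated service (print spooler, etc.) is not a precursor.
            if not any(hint in m.group("svc") for hint in PROTECTED_SERVICE_HINTS):
                continue
        hits.add(name)
    return hits


def detect(lines):
    """Correlate rule hits per host; return one alert per host whose best
    WINDOW-wide cluster holds at least MIN_DISTINCT_RULES distinct steps."""
    per_host = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for rule in match_rules(ev["cmd"]):
            per_host[ev["host"]].append((ev["ts"], rule, ev["user"], ev["cmd"]))

    alerts = []
    for host, hits in per_host.items():
        hits.sort(key=lambda h: h[0])
        best, start = None, 0
        for end in range(len(hits)):           # sliding window over time-ordered hits
            while hits[end][0] - hits[start][0] > WINDOW:
                start += 1
            window = hits[start:end + 1]
            rules = {r for _, r, _, _ in window}
            if len(rules) >= MIN_DISTINCT_RULES and (best is None or len(rules) > len(best["rules"])):
                best = {"host": host, "first_seen": window[0][0], "last_seen": window[-1][0],
                        "rules": rules, "users": {u for _, _, u, _ in window},
                        "commands": [c for _, _, _, c in window]}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert['host']}: {sorted(alert['rules'])} by {sorted(alert['users'])} "
              f"between {alert['first_seen']} and {alert['last_seen']}")
```

Run as-is, the script reports a single alert for FS01 listing all four steps, while the routine `vssadmin list shadows` and `net stop spooler` on WS07 and the two hits separated by two hours on DB02 produce nothing. The clustering is the part worth keeping: any one of these commands can be legitimate, but the combination within minutes, typically under a service or backup account, is the behaviour the article describes and the moment at which stopping the process still saves the shadow copies and backup catalog.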
Some parts of this article are sourced from:
www.infosecurity-magazine.com