The HardBit ransomware has moved to version 2.0, and its operators attempt to negotiate a ransom payment that would be covered by the victim's insurance company.
More precisely, the threat actor attempts to convince the victim that it is in their best interest to disclose all their insurance details, so that the attackers can adjust their demands and the insurer covers all costs. Technology news site BleepingComputer reported this information on February 20. Hackers thus encourage cyber insurance companies to disclose the amount of insurance so that the dialogue can succeed. Furthermore, hackers make it appear that sharing insurance information is beneficial to the victim, by making the insurer look like the bad guy who is obstructing the recovery of their data. Threat actors say insurers never negotiate with ransomware actors with their customers' interests in mind, and therefore make counter-offers to their demands only to derail negotiations and refuse to pay.
HardBit 2.0 more penalizing
An interesting thing about the encryption phase is that instead of writing the encrypted data to copies of files and deleting the originals, as many strains do, HardBit 2.0 opens files and overwrites their contents with encrypted data. This approach makes it more difficult for experts to recover the original files and makes encryption slightly faster.
“Originally, cyber insurance was only intended to cover the costs of resuming activity for victims. However, ransomware groups have exploited this model by indirectly extracting astronomical ransom payments from insurance companies. HardBit attacks show that ransomware groups are going further and ‘innovating’,” warns Benoît Grunemwald, cybersecurity expert at ESET France.