This new ransomware tries to stop victims recovery by using passphrases

HardBit Ransomware wants to make malware analysis impossible

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A newransomwarestrain has been discovered with a unique feature that makes analysis by cybersecurity experts more difficult.

The fourth strain of the HardBit Ransomware, HardBit 4.0, introduced passphrase protection, which needs to be provided during the runtime, in order for the ransomware to be executed properly, researchers from Cybereason revealed in a new blog post.

“Additional obfuscation hinders security researchers from analyzing the malware,” the researchers explained.

Creative ransomware

Creative ransomware

HardBit is a relatively obscure ransomware operation, first spotted in late 2022, but it stands out from the crowd by not having a data leak site and not threatening its victims with sensitive data publication. Instead, it threatens them with future attacks.

Another notable feature of HardBit is that it comes with both CLI and GUI versions. That makes it a viable tool for a wider variety of attackers, depending on their technical skill levels. The researchers said GUI is more intuitive on what and how it can be executed.

The method for the initial compromise of the victims’ endpoints is unclear at the time, with the researchers speculating that it is most likely done by brute-forcing RDP and SMB services. Once the initial compromise had been made, the attackers would deploy the Neshta dropper, which was seen in the past delivering the Big Head ransomware strain.

HardBit has always been a creative ransomware strain, with unique features. In early 2023, it was reported that the operators tried to encourage the victims to pay the ransom demand by - pitting them against their insurance companies. In a modified ransom note that came with the Hardbit 2.0 encryptor, it was said that if the ransom demand is within the range covered by the insurance company, then that company is obliged to cover the costs of the cyberattack.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaTheHackerNews

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case