New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection
2024-07-15 05:10

Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts.

"Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection," Cybereason researchers Kotaro Ogino and Koshi Oyama said in an analysis.

The follow-up steps include credential theft using tools like Mimikatz and NLBrute, and network discovery via utilities such as Advanced Port Scanner, allowing the attackers to move laterally across the network by means of RDP.

"Having compromised a victim host, the HardBit ransomware payload is executed and performs a number of steps that reduce the security posture of the host before encrypting victim data," Varonis noted in its technical write-up about HardBit 2.0 last year.

"Once threat actors successfully input the decoded authorization ID, HardBit prompts for an encryption key to encrypt the files on the target machines and it proceeds with ransomware procedure," Cybereason noted.

"Wiper mode feature needs to be enabled by the HardBit Ransomware group and the feature is likely an additional feature that operators need to purchase. If the operators need wiper mode, the operator would need to deploy hard.txt, an optional configuration file of HardBit binary and contains authorization ID to enable wiper mode."

Ransomware activity continues to "remain on an upward trend" in 2024, with ransomware actors claiming 962 attacks in the first quarter of 2024, up from 886 attacks reported year-over-year.


News URL

https://thehackernews.com/2024/07/new-hardbit-ransomware-40-uses.html