HardBit ramsonware strikes back

You’ve probably received an email claiming it came from the UN or a Ministry of some country at least once. In this email, the Secretary General of the UN himself wanted to cut a deal with you, for the sake of charity, of course. The only weapon needed to avoid the trap was common sense.

However, attacks can be much more sophisticated than that. Worse, they’re ever-increasing in complexity, according to some reports. This is also the case with HardBit, a strain of ransomware that got a 2.0 update, the update less desired by anyone except cybercriminals.

This version allows HardBit to encrypt your files and demand your insurance details, too. Yes, you read that right. HardBit demands to share insurance details so the cybercriminal’s ransom is adjusted accordingly. The nerve!

How do you get this HardBit update on your system? There are many ways to get infected, be it via phishing scams, downloading software from unsavory websites, and more. Unfortunately, it’s able to bypass many security features since it disables anti-spyware and antivirus software. 

As soon as you get it, this ransomware encrypts your files, and that’s just the beginning. It disables most real-time features on Windows, such as real-time process scanning through the registry. It can also delete Volume Shadow copies, making it difficult to recover your data.

The method by which it prevents your files from being recovered is by overwriting them. This is an “improvement” compared to other ransomware which delete the original files, replacing them with encrypted ones. Those might give you a chance to recover files with specific software.

When it finishes encrypting your data, a screen communicating the good news is displayed, with instructions on what to do. The ransomware demands to contact the criminals within 28 hours through the encrypted message service Tox. It also claims the ransom will be higher if you do something funny such as contacting intermediaries for help.

Fortunately, there’s no indication of data leak possibilities since it doesn’t appear to have a site for such purposes. Additionally, HardBit is courteous enough not to employ double extortion tactics. This means your name and activities are not used as a vehicle for extorting extra money.

Once you get infected, there’s not much you can do to recover your data. That said, it’s not recommendable at all to contact criminals in any way. There’s also no guarantee that in the case you pay whatever amount they want, your files would be restored. Remember who you’re dealing with!

The best course of action is to report the issue immediately to law enforcement. It’s also critical to make regular backups of your data since it might very well be the only chance to recover your files. Never open unsolicited emails from strange sources since some of them can bypass your email provider’s filters, and don’t download pirated files or visit unsafe sites, especially those without SSL encryption.

Finally, be sure to have your security software up-to-date, so if HardBit strikes, you’ll strike harder.

Advertisement