Cybercrime , Fraud Management & Cybercrime , Ransomware

New HardBit 2.0 Ransomware Tactics Target Insurance Coverage

Hackers Demand Info on Victim's Cyber Insurance Policy to Negotiate Ransom Demand
New HardBit 2.0 Ransomware Tactics Target Insurance Coverage

A newly uncovered ransomware group is employing previously unseen extortion tactics - demanding to know the victim's cyber insurance coverage - to extort millions of dollars in ransom.

See Also: Value Drivers for an ASM Program

The HardBit ransomware group was first discovered by security researchers in October 2022. The operators of a newer version of the ransomware, dubbed HardBit 2.0, are now demanding details about the victim's insurance policy before making the ransom demand, security researchers at Varonis, who uncovered the malware, say in a recent report.

"Be sure to inform us anonymously about the availability and terms of the insurance coverage."
– HardBit 2.0 hacker message

In what appears to be a tactic to demand higher payouts from victims, the group claims the information is needed because insurers often fail to meet the claim demand made by the victims. The group also says that if the victims discloses the details of their cyber insurance privately, it will not demand any more than $10 million, which they say would be a "win-win" situation for both the victims and the hackers.

Varonis provided an example of a HardBit 2.0 message to a victim: "Since the sneaky insurance agent purposely negotiates so as to not pay for the ransom, only the insurance companies win in this situation. To avoid all of this, be sure to inform us anonymously about the availability and terms of the insurance coverage."

Other than the unique ransom extortion technique displayed by the hackers, Varonis researchers say the capabilities of the latest ransomware are no different from other variants. Although the researchers remain unclear about the hacker's initial access vector, they suggest that HardBit 2.0 is most likely deploying tried-and-tested measures of targeting employees with phishing lures, using their compromised credentials or exploiting old vulnerabilities for data exfiltration.

Once successfully compromised, the hackers first gather system information and disable antivirus checks. They then proceed to deploy the malware for encrypting the targeted files, the report says.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.