HardBit 4, this is how modern Ransomware works

HardBit 4 is a next-generation ransomware detected by security researchers at Cybereason. It stands out for its obfuscation techniques to avoid detection and for its operational motivation, which is exclusively economic.

Ransomware is a computer attack that infects a PC, smartphone (or any other electronic device) with the aim of blocking its operation and/or access to part or all of the equipment. Its most distinctive feature is that it takes over files using an encryption system which prevents the owner from accessing them. From there, cybercriminals demand a sum of money as a “ransom” from the victims to release them.

It is not surprising that ransomware has become the main cyber threat in recent years. Although it is also used for other purposes (introducing malware, controlling computers, espionage, stealing confidential information or simply causing harm on commission), its main motivation remains economic. And it moves astronomical amounts: more than $1 billion was paid in ransoms in 2023.

HardBit 4: how does it work?

This ransomware was first detected in October 2022 and from the beginning it showed exclusively financial motivations, operating, like other ransomware groups, with the aim of generating illicit income through double extortion tactics.

Version 4.0 comes with important improvements in two key areas. The first is the obfuscation techniques used to deter analysis efforts and hinder its detection. Unlike previous versions, it features password protection, “which must be provided during runtime for the ransomware to execute properly. Additional obfuscation prevents security researchers from analyzing the malware,” they explain.

Another distinctive feature of this malware is that it does not operate a data leak site, but rather pressures victims to pay by threatening to carry out more attacks in the future. Its primary mode of communication is via the Tox instant messaging service, and while the exact initial access vector used to breach target environments is unclear, it is suspected of using brute force attacks on RDP and SMB services.

The following steps include credential theft through tools such as Mimikatz and NLBrute, and network discovery through utilities such as Advanced Port Scanner, allowing attackers to move laterally through the network via RDP. The encryption of victims’ hosts is carried out using a virus known as Neshta, which cybercriminals have used in the past to distribute other ransomware such as Big Head.

HardBit is designed to disable the standard Windows security system, Microsoft Defender, and other antivirus programs by terminating processes and services, in order to evade possible detection of its activities and inhibit system recovery. It then encrypts files of interest, updates their icons, changes the desktop wallpaper, and alters the system volume label with the string “Locked by HardBit.”
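The behaviours described above (repeated failed RDP logons, the Defender service being stopped, and the “Locked by HardBit” volume label) are all observable from ordinary host telemetry. The following is an added detection example, not code from the article or from Cybereason; the event records, host names, IP addresses and the volume-label inventory feed are constructed for illustration, while event IDs 4625 (failed logon, logon type 10 = RDP) and 7036 (service state change) are real Windows event IDs.

```python
import re
from collections import Counter, defaultdict

# Constructed telemetry (not from the article). Each record is (host, source, text).
#   "security"  -> Windows Security log; 4625 = failed logon, LogonType=10 = RDP
#   "system"    -> Service Control Manager; 7036 = service changed state
#   "inventory" -> hypothetical volume-label inventory feed (assumed, not a Windows log)
SAMPLE_EVENTS = [
    ("FS01", "security", "4625 LogonType=10 Source=10.0.0.77 User=admin"),
    ("FS01", "security", "4625 LogonType=10 Source=10.0.0.77 User=backup"),
    ("FS01", "security", "4625 LogonType=10 Source=10.0.0.77 User=svc_sql"),
    ("FS01", "security", "4625 LogonType=10 Source=10.0.0.77 User=helpdesk"),
    ("FS01", "security", "4625 LogonType=10 Source=10.0.0.77 User=jsmith"),
    ("FS01", "security", "4625 LogonType=10 Source=10.0.0.77 User=Administrator"),
    ("FS01", "system", "7036 Service=WinDefend State=stopped"),
    ("FS01", "inventory", "Volume=C: Label=Locked by HardBit"),
    ("WS02", "security", "4625 LogonType=10 Source=10.0.0.5 User=jdoe"),  # a single typo
    ("WS02", "inventory", "Volume=C: Label=OSDisk"),
]

RDP_FAILURE_THRESHOLD = 5  # simplification: a plain count, no time window
FAILED_RDP = re.compile(r"^4625 LogonType=10 Source=(?P<src>\S+)")
SVC_STOPPED = re.compile(r"^7036 Service=(?P<svc>\S+) State=stopped")
LABEL = re.compile(r"Label=(?P<label>.+)$")

def analyze(events):
    """Return {host: sorted findings} for every host with at least one finding."""
    rdp_fail = defaultdict(Counter)  # host -> source IP -> failed RDP logons
    findings = defaultdict(set)
    for host, source, text in events:
        if source == "security" and (m := FAILED_RDP.match(text)):
            rdp_fail[host][m["src"]] += 1
        elif source == "system" and (m := SVC_STOPPED.match(text)):
            if m["svc"] == "WinDefend":  # Microsoft Defender service stopped
                findings[host].add("defender_service_stopped")
        elif source == "inventory" and (m := LABEL.search(text)):
            if "locked by hardbit" in m["label"].lower():
                findings[host].add("hardbit_volume_label")
    # Flag any single source that failed RDP logon against a host too many times.
    for host, per_src in rdp_fail.items():
        for src, n in per_src.items():
            if n >= RDP_FAILURE_THRESHOLD:
                findings[host].add(f"rdp_bruteforce_from_{src}")
    return {host: sorted(f) for host, f in findings.items()}

if __name__ == "__main__":
    for host, found in analyze(SAMPLE_EVENTS).items():
        print(host, found)
```

Only FS01 is reported; WS02's lone failed logon and normal label produce no finding, which is the point of correlating several weak signals rather than alerting on any one.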

Very, very dangerous, and on par with other big names such as LockBit, Akira and BlackSuit in terms of development and operation techniques. Ransomware remains a growing trend and hugely profitable for criminals. According to Symantec researchers, all evidence suggests that “exploitation of known vulnerabilities in public applications remains the primary vector for ransomware attacks.”

Source: www.muycomputer.com