
Improved detection evasion added to updated HardBit ransomware


The HardBit ransomware operation has further improved its malicious payload by integrating passphrase protection to better evade detection, Security Affairs reports.

HardBit 4.0 retains the Windows Defender disabling, system recovery inhibition, and service-stopping functionality present in the previous two versions, and has been further obscured through delivery via the Neshta virus, according to a Cybereason report. HardBit 4.0 also maintains improvements introduced in version 3.0 of the payload, including a HardBit GUI version, wiper mode support, and configuration file usage. "While the initial attack vector remains unconfirmed at the time of this writing, Cybereason hypothesizes that the threat actors gain an initial foothold into the victim’s environment through brute force of an open RDP and SMB service. In fact, the environment observed multiple login failures from known brute forcing IP addresses," said the report, which also noted similarities between the HardBit and LockBit ransomware operations.
