The HardBit ransomware operation has further improved its malicious payload by integrating passphrase protection to better bypass detection, Security Affairs reports.
Beyond the Windows Defender-disabling, system recovery inhibition, and service-stopping functionality already present in the previous two versions, HardBit 4.0 has been further obscured through delivery via the Neshta virus, according to a Cybereason report. HardBit 4.0 also retains the improvements introduced in version 3.0 of the payload, including a HardBit GUI version, wiper mode support, and configuration file usage. "While the initial attack vector remains unconfirmed at the time of this writing, Cybereason hypothesizes that the threat actors gain an initial foothold into the victim’s environment through brute force of an open RDP and SMB service. In fact, the environment observed multiple login failures from known brute forcing IP addresses," said the report, which also noted similarities between the HardBit and LockBit ransomware operations.