July 15, 2024 at 01:39AM
Cybersecurity researchers have uncovered a new version of the ransomware strain HardBit, featuring enhanced obfuscation and passphrase protection to hinder analysis efforts. The financially-motivated threat group, which operates without a data leak site, communicates via Tox messaging service and employs various tactics like credential theft and network discovery. Ransomware activity is on the rise in 2024, with LockBit, Akira, and BlackSuit emerging as prevalent families.
From the meeting notes, it appears that there is a new version of the ransomware strain called HardBit that has been highlighted by cybersecurity researchers. This new version incorporates enhanced obfuscation techniques, including passphrase protection, to hinder analysis efforts.
Key points from the notes include:
– HardBit is financially motivated and utilizes double extortion tactics to generate illicit revenues.
– The threat group stands out by pressurizing victims to pay up by threatening additional attacks in the future, instead of operating a data leak site.
– The initial access vector used to breach target environments is currently not clear, but it may involve brute-forcing RDP and SMB services.
– The ransomware payload of HardBit carries out multiple steps to reduce the security posture of the host before encrypting victim data. It also encrypts files, changes desktop wallpaper, alters the system’s volume label, and disables Microsoft Defender Antivirus.
– The ransomware requires an authorization ID for successful execution and has a wiper mode feature that operators can purchase.
Additionally, the meeting notes mention a CACTUS ransomware attack that exploits security flaws in Ivanti Sentry and utilizes legitimate remote desktop tools like AnyDesk and Splashtop to install the file-encrypting malware.
Ransomware activity is noted to be on an “upward trend” in 2024, with LockBit, Akira, and BlackSuit identified as the most prevalent ransomware families during the time period.
Finally, the notes reference a report by Palo Alto Networks indicating that the median time from compromise to data exfiltration has decreased significantly, and exploitation of known vulnerabilities in public-facing applications remains a favored vector for ransomware attacks.
Overall, the meeting notes provide valuable insights into the evolving landscape of ransomware threats and associated attack tactics.
Let me know if you need further details or insights on the meeting notes.