A ransomware group is asking insured victims for details of their policy, claiming that doing so will ultimately lower their risk exposure.
Introduced in November 2022, HardBit 2. claims to steal data before encrypting the target organization's data but, unusually for such a group, it has no leak site and does not use "double extortion" as a tactic, according to Varonis.
Instead, the group apparently threatens further attacks if its demands are not met.

“Rather than specifying an amount of bitcoin asked for within this ransom notice, the team seeks to negotiate with victims to reach a settlement,” Varonis stated in a post on its website.
“Notably, as part of these negotiations, victims with cyber-insurance policies are also inspired to share specifics with HardBit so that their needs can be adjusted to fall within the plan.”
In this portion of the ransom note, the group seeks to portray the victim's insurer as the enemy, claiming that it will generally attempt to negotiate the price down, even if the policy stipulates substantially higher coverage. The inference is that this tactic could result in the group leaking stolen data or refusing to provide a decryption key.
“Since the sneaky insurance agent purposely negotiates so as not to pay for the insurance policy claim, only the insurance company wins in this circumstance,” the ransom note reads.
“To avoid all this and get the income on the insurance coverage, be sure to notify us anonymously about the availability and terms of insurance coverage. It benefits both you and us, but it does not benefit the insurance company. Poor millionaire insurers will not starve…”
HardBit victims should be aware that most policies specifically prohibit the sharing of this kind of information with ransomware actors.
The malware itself seems to be fairly typical, carrying out several pre-encryption steps to expose the target network, such as deleting the Windows backup utility catalog and the Volume Shadow Copy Service (VSS). It also disables various Windows Defender features and terminates scores of services linked to data backup/recovery tools and endpoint security solutions, Varonis explained.
Some pieces of this post are sourced from:
www.infosecurity-magazine.com