2024 Global Cyber Confidence Index

Arrow pointing right
ExtraHop Logo
  • Productschevron right
  • Solutionschevron right
  • Why ExtraHopchevron right
  • Blogchevron right
  • Resourceschevron right

Arrow pointing leftBlog

How ExtraHop NDR Detects HardBit 2.0 Ransomware (Video)


March 9, 2023

HardBit ransomware is ransomware as a service (RaaS) that was first observed in October 2022. By November, the threat had moved to version 2.0, which continues to use similar tactics, techniques, and procedures (TTPs) that allow many threat actors to evade endpoint detection and gain access to the network. However, this new version appears to also use a new tactic by targeting organizations with cybersecurity insurance. This new tactic allows attackers to negotiate a higher payout, assuring the victim that it’s in their best interest to have the insurer cover their ransomware demands.

Watch this short video with ExtraHop expert Josh Snow as he guides you through a HardBit ransomware attack, from initial access to how it gathers information, to how it overwrites and replaces content with encrypted data. He explains how network detection and response (NDR) from ExtraHop Reveal(x) 360 can detect this attack at a variety of stages, from initial access and reconnaissance, to data encryption and beyond. Josh also shows how Reveal(x) 360 detects lateral movement, including new or unusual Windows Management Instrumentation (WMI) processes, remote registry modification, suspicious SMB/CIFS file activity, and more attacker activities.

Explore related articles

Experience RevealX NDR for Yourself

Schedule a demo