HardBit ransomware is ransomware as a service (RaaS) that was first observed in October 2022. By November, the threat had moved to version 2.0, which continues to use similar tactics, techniques, and procedures (TTPs) that allow many threat actors to evade endpoint detection and gain access to the network. However, this new version appears to also use a new tactic by targeting organizations with cybersecurity insurance. This new tactic allows attackers to negotiate a higher payout, assuring the victim that it’s in their best interest to have the insurer cover their ransomware demands.
Watch this short video with ExtraHop expert Josh Snow as he guides you through a HardBit ransomware attack, from initial access to how it gathers information, to how it overwrites and replaces content with encrypted data. He explains how network detection and response (NDR) from ExtraHop Reveal(x) 360 can detect this attack at a variety of stages, from initial access and reconnaissance, to data encryption and beyond. Josh also shows how Reveal(x) 360 detects lateral movement, including new or unusual Windows Management Instrumentation (WMI) processes, remote registry modification, suspicious SMB/CIFS file activity, and more attacker activities.