2023/09/08 16:23:37

HardBit (ransomware virus)

Main article: Ransomware viruses (ransomware)

2023: Creation of a decoder in Russia

On September 7, 2023, RTK-Solar announced the release of a decoder for the HardBit ransomware. The virus is also spreading in Russia.

The cybercriminal group HardBit has been known since October 2022: it encrypts company data and contacts the victim by email and via the Tox messenger, demanding a ransom in bitcoins for decryption. Previously, only foreign companies had reported attacks by the group, but now a Russian customer attacked by the HardBit 3.0 ransomware turned to Solar JSOC CERT. The attackers demanded $25,000 for 15 attacked hosts. The name of the affected Russian company has not been disclosed.

Russia has developed a decoder for the HardBit ransomware virus

Solar JSOC CERT experts analyzed a sample executable file received from the customer, as well as other samples of various HardBit versions. HardBit 1.0 used an asymmetric encryption algorithm, so in that case the data cannot be decrypted without the attacker's key. In the later versions, HardBit 2.0 and 3.0, the hackers used an unreliable password generation model for encryption, which is what allowed Solar JSOC CERT experts to decrypt the data.

In the HardBit 2.0 code, Russian-language names such as "Ivan Medvedev" or "Aleksandr" were found; as RTK-Solar emphasized, this "may be a hint at the location of the ransomware developers, or a false flag to confuse researchers. We also managed to find samples that preceded HardBit, which confirms that the ransomware was being developed even before the group's official creation." In addition, the researchers found a sample with a graphical interface and wiper functionality (malware for destroying data on the victim's computer), which expands the group's arsenal.

"HardBit can fix the vulnerabilities in its encryption algorithm, and in the new version, HardBit 4.0, whose appearance we are sure of, it will no longer be possible to decrypt without the attackers' private keys," said Anton Kargin, engineer of the Solar JSOC CERT technical investigation at RTK-Solar.