Main article: Ransomware ransomware ransomware viruses (ransomware)
2023: Creation of a decoder in Russia
On September 7, 2023, RTK-Solar announced the release of a decoder for the HardBit ransomware. This virus spreads, including in Russia.
The cybercriminal group HardBit has been known since October 2022, it encrypts company data and contacts the victim by email and the Tox messenger, demanding a ransom in bitcoins for decryption. Earlier, only foreign companies wrote about the attacks of the group, but the Russian customer, attacked by the HardBit 3.0 ransomware, turned to Solar JSOC CERT. The attackers requested $25,000 for 15 attacked hosts. The name of the Russian company affected by the virus has not been disclosed.
Solar JSOC CERT experts analyzed a sample executable file received from the customer, as well as other samples of various versions of HardBit. В HardBit 1.0. an asymmetric encryption algorithm was used - in this case, the data cannot be decrypted without the attacker's key. In later versions of HardBit 2.0 and 3.0, hackers used an unreliable password generation model for encryption. This allowed Solar JSOC CERT experts to decrypt the data.
In the HardBit 2.0 code , Russian-language names like "Ivan Medvedev" or "Aleksandr" were found - this, as emphasized in RTK-Solar, "may be a hint of the location of the ransomware developers or a false flag to confuse researchers. We also managed to find samples preceding HardBit, which confirms the development of ransomware even before the official creation of the group. In addition, the researchers found a sample with a graphical interface and viper functionality ( malware for destroying data on the victim's computer), which expands the group's arsenal.
 | HardBit can fix vulnerabilities in its encryption algorithm and the new version of HardBit 4.0, in the appearance of which we are sure it will no longer be possible to decrypt without private keys of attackers, - said Anton Kargin, engineer of the Solar JSOC CERT technical investigation at RTK-Solar. |  |
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |