Hardbit 2.0 Ransomware Updates Older Version to Become More Aggressive
A new variant of the HARDBIT ransomware called HARDBIT 2.0 has been identified through an analysis of malware samples submitted to online threat databases. HARDBIT 2.0 encrypts data and adds a random string of characters, the victim's ID, email address, and the ".hardbit2" extension to the filenames. It also alters the desktop wallpaper and generates two ransom notes ("Help_me_for_Decrypt.hta" and "How To Restore Your Files.txt"). For instance, "1.jpg" would be renamed to "o7pvb003x0.[id-BFEBFBFF000A0655].[godgood55@tutanota.com].hardbit2" and so forth.
Upon examining the ransom notes, it was discovered that the victims have to contact the attackers within 48 hours to avoid doubling the initial decryption charge. The cybercriminals can be contacted through the Tox chat or via email addresses such as godgood55@tutanota.com and alexgod5566@xyzmailpro.com. The ransom must be paid in Bitcoin cryptocurrency, and the hackers guarantee to provide a decryption tool after receiving the payment. The attackers warn the victims not to rename or decrypt the files on their own. Before paying the ransom, the victims are offered the opportunity to have two files decrypted for free.
According to one of the ransom notes, if the victims do not contact the attackers, the files will be exposed or published.
Hardbit 2.0 Uses Lengthy Ransom Note
The complete text of the Hardbit 2.0 ransom note reads as follows:
HARDBIT RANSOMWARE
what happened?
All your files have been stolen and then encrypted. But don't worry, everything is safe and will be returned to you.
How can I get my files back?
You have to pay us to get the files back. We don't have bank or paypal accounts, you only have to pay us via Bitcoin.
How can I buy bitcoins?
You can buy bitcoins from all reputable sites in the world and send them to us. Just search how to buy bitcoins on the internet. Our suggestion is these sites.hxxps://www.binance.com/enhxxps://www.coinbase.com/hxxps://localbitcoins.com/hxxps://www.bybit.com/en-US/<<
What is your guarantee to restore files?
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you.That is our guarantee.
How to contact with you?
Or contact us by email:>>godgood55@tutanota.comalexgod5566@xyzmailpro.com<;<
How will the payment process be after payment?
After payment, we will send you the decryption tool along with the guide and we will be with you until the last file is decrypted.
What happens if I don't pay you?
If you don't pay us, you will never have access to your files because the private key is only in our hands. This transaction is not important to us,
but it is important to you, because not only do you not have access to your files, but you also lose time. And the more time passes, the more you will lose andIf you do not pay the ransom, we will attack your company again in the future.
What are your recommendations?
- Never change the name of the files, if you want to manipulate the files, make sure you make a backup of them. If there is a problem with the files, we are not responsible for it.
- Never work with intermediary companies, because they charge more money from you. For example, if we ask you for 50,000 dollars, they will tell you 55,000 dollars. Don't be afraid of us, just call us.
Very important! For those who have cyber insurance against ransomware attacks.
Insurance companies require you to keep your insurance information secret, this is to never pay the maximum amount specified in the contract or to pay nothing at all, disrupting negotiations.
The insurance company will try to derail negotiations in any way they can so that they can later argue that you will be denied coverage because your insurance does not cover the ransom amount.
For example your company is insured for 10 million dollars, while negotiating with your insurance agent about the ransom he will offer us the lowest possible amount, for example 100 thousand dollars,
we will refuse the paltry amount and ask for example the amount of 15 million dollars, the insurance agent will never offer us the top threshold of your insurance of 10 million dollars.
He will do anything to derail negotiations and refuse to pay us out completely and leave you alone with your problem. If you told us anonymously that your company was insured for $10 million and other
important details regarding insurance coverage, we would not demand more than $10 million in correspondence with the insurance agent. That way you would have avoided a leak and decrypted your information.
But since the sneaky insurance agent purposely negotiates so as not to pay for the insurance claim, only the insurance company wins in this situation. To avoid all this and get the money on the insurance,
be sure to inform us anonymously about the availability and terms of insurance coverage, it benefits both you and us, but it does not benefit the insurance company. Poor multimillionaire insurers will not
starve and will not become poorer from the payment of the maximum amount specified in the contract, because everyone knows that the contract is more expensive than money, so let them fulfill the conditions prescribed in your insurance contract, thanks to our interaction.Your ID :-
Your Key -
How Can Ransomware Like Hardbit 2.0 Infect Your System?
Ransomware such as HARDBIT 2.0 can infect your system in various ways. Here are some common methods:
- Email phishing: Ransomware can be spread through emails that trick the recipient into downloading an attachment or clicking on a link that contains the malware.
- Malicious websites: Visiting malicious websites or clicking on suspicious ads can also result in a ransomware infection.
- Software vulnerabilities: Exploiting security vulnerabilities in software, operating systems, or applications is another way ransomware can infect your system.
- Drive-by downloads: Malware can be downloaded onto your computer without your knowledge or consent when you visit a compromised website.
- Social engineering: Cybercriminals may use social engineering tactics to trick you into downloading or installing malware, such as posing as a legitimate software or service provider.
It's important to maintain a robust cybersecurity posture by keeping your software and operating system up to date, using antivirus and anti-malware software, avoiding suspicious emails and links, and regularly backing up your data to prevent data loss in case of a ransomware attack.
