Harditem Ransomware
Harditem is the name of a newly discovered strain of ransomware.

The malicious program behaves as you would expect a ransomware strain to: it encrypts files on the victim's system, targeting most document, media and archive file types. Encrypted files receive the ".harditem" extension appended after their original extension, so a file originally named "skiing.mp4" becomes "skiing.mp4.harditem" once it has been encrypted.

When the encryption process completes, the ransomware drops copies of its ransom note, named "RESTORE_FILES_INFO.txt", in multiple locations, including the desktop. The note states no ransom amount; victims are expected to contact the attackers by email or Jabber, quote the key identifier from the note, and negotiate a price, which is never a good idea.

The full text of the ransom note goes as follows:

Your files are secured…

Contact emails: harditem at firemail dot cc and harditem at hitler dot rocks (spare) or jabber harditem at xmpp dot jp

Send me your ID in the first email to all specified addresses

Key Identifier: [alphanumeric string]

Negotiating with criminals is never a wise choice, so offline backups that the ransomware cannot reach remain the best way to restore your files.
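As an added example (not part of the original write-up, and not code from the ransomware's authors), the following Python triage script scopes an infection using only the behaviour described above: the ".harditem" suffix appended to the original file name, the note file name "RESTORE_FILES_INFO.txt", and the "Key Identifier:" line inside the note. It recovers original file names, builds a histogram of affected extensions, and pulls the key identifier out of every note copy it finds, so responders can log the IOCs without opening the notes by hand. The sample directory tree, the note text and the key identifier value are constructed for the demonstration.

```python
import json
import os
import re
import tempfile
from pathlib import Path
from typing import Optional

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".harditem"
NOTE_NAME = "RESTORE_FILES_INFO.txt"
# The note carries a line "Key Identifier: <alphanumeric string>".
KEY_ID_RE = re.compile(r"^Key Identifier:\s*([A-Za-z0-9]+)\s*$", re.MULTILINE)


def original_name(path: Path) -> Optional[Path]:
    """Strip the appended ".harditem" extension to recover the original name.

    Returns None for files that do not carry the suffix, and for a bare
    ".harditem" file that has no original name left to recover.
    """
    name = path.name
    if name.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
        return path.with_name(name[: -len(ENCRYPTED_SUFFIX)])
    return None


def triage(root: Path) -> dict:
    """Walk a tree and collect the IOCs described in the write-up."""
    encrypted = []
    notes = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            p = Path(dirpath) / fname
            if fname == NOTE_NAME:
                notes.append(p)
            elif original_name(p) is not None:
                encrypted.append(p)

    # Histogram of the original extensions, useful for scoping impact.
    by_ext = {}
    for p in encrypted:
        ext = original_name(p).suffix.lower() or "(none)"
        by_ext[ext] = by_ext.get(ext, 0) + 1

    # Every note copy should carry the same identifier; collect them all
    # so a mismatch between copies is visible to the responder.
    key_ids = set()
    for note in notes:
        match = KEY_ID_RE.search(note.read_text(errors="replace"))
        if match:
            key_ids.add(match.group(1))

    return {
        "encrypted_count": len(encrypted),
        "by_extension": by_ext,
        "note_paths": sorted(str(n.relative_to(root)) for n in notes),
        "key_ids": sorted(key_ids),
    }


def build_sample_tree(root: Path) -> None:
    """Constructed sample tree: three encrypted files and two note copies."""
    # Constructed note text; only the key identifier line is parsed.
    note_text = (
        "Your files are secured...\n\n"
        "Send me your ID in the first email to all specified addresses\n\n"
        "Key Identifier: 7F3A9C1B2D4E\n"  # constructed value
    )
    for rel in ("Videos/skiing.mp4.harditem",
                "Desktop/report.docx.harditem",
                "Desktop/photos.zip.harditem"):
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"\x00" * 16)  # placeholder ciphertext
    for rel in ("Desktop/" + NOTE_NAME, NOTE_NAME):
        (root / rel).write_text(note_text)


def run_demo() -> dict:
    """Build the constructed sample in a temp dir and triage it."""
    root = Path(tempfile.mkdtemp(prefix="harditem_triage_"))
    build_sample_tree(root)
    return triage(root)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

On a real host, call triage() against the affected volume root rather than a temp directory; the extension histogram tells you quickly whether the strain behaved as described (documents, media and archives) and the note paths show where copies were dropped.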

June 23, 2022