Monday 27th February 2023

CTI Weekly: HardBit ransomware demands insurance details to facilitate negotiations

This week we reported on a recently identified ransomware group tracked as HardBit, which has been observed pressuring victims to disclose the contents of their cyber liability insurance to facilitate negotiations and maximise their profits.

HardBit 2.0 like many other prominent ransomware groups uses a sophisticated encryption methodology and instructs victims via a ransom note to contact them through the encrypted peer-to-peer messaging app TOX, which is commonly used to negotiate payments. However, HardBit 2.0 is unique in that they are known to pressure victims into secretly disclosing the terms of any cyber liability insurance to facilitate negotiations.

This is pitched to victims as a cost-saving measure that enables the group to demand a ransom amount that would be covered under the terms of their policy. This also allows HardBit 2.0 operators to maximise their profits by demanding the maximum amount that a business is realistically likely to pay, whilst also increasing the likelihood of payment because the victim can potentially recoup costs from their insurance provider.


Subscribe below to receive the full version.

Get our latest cyber intelligence insights straight into your inbox

Fill out the short form below to subscribe to our newsletter so that you never miss out on our cyber intelligence insights and news.