Monday 27th February 2023

CTI Weekly: HardBit ransomware demands insurance details to facilitate negotiations

This week we reported on a recently identified ransomware group tracked as HardBit, which has been observed pressuring victims to disclose the contents of their cyber liability insurance to facilitate negotiations and maximise their profits.

HardBit 2.0, like many other prominent ransomware groups, uses a sophisticated encryption methodology and instructs victims via a ransom note to contact its operators through the encrypted peer-to-peer messaging app Tox, which is commonly used to negotiate payments. However, HardBit 2.0 is unique in that its operators are known to pressure victims into secretly disclosing the terms of any cyber liability insurance to facilitate negotiations.

This is pitched to victims as a cost-saving measure that enables the group to demand a ransom amount that would be covered under the terms of their policy. This also allows HardBit 2.0 operators to maximise their profits by demanding the maximum amount that a business is realistically likely to pay, whilst also increasing the likelihood of payment because the victim can potentially recoup costs from their insurance provider.


