HardBit 4 is a next-generation ransomware strain identified by cybersecurity researchers. It stands out for the obfuscation techniques it uses to evade detection and for its purely financial motivation.
Ransomware is a computer attack that infects a PC, smartphone or any other electronic device in order to block its operation and/or access to part or all of the device. Its most distinctive feature is that it encrypts files so that their owner can no longer access them. From there, cybercriminals demand a sum of money from the victims as a “ransom” to release them.
It is no wonder that ransomware has become a major computer threat in recent years. Although it is also used for other purposes (introducing malware, taking control of a computer, espionage, stealing confidential information or simply doing damage on demand), its main motivation remains economic. And it moves astronomical amounts: over $1 billion paid in ransom in 2023.
HardBit 4: how does it work?
This ransomware was first detected in October 2022 and has been exclusively financially motivated since its inception, operating like other ransomware groups to generate illegal income through double-extortion tactics.
Version 4.0 brings important improvements in two basic areas. The first is obfuscation techniques intended to frustrate analysis and detection. Unlike previous versions, it is password-protected, and the password “must be provided at runtime for the ransomware to run successfully. The additional obfuscation prevents security researchers from analyzing the malware,” the researchers explain.
Another distinguishing feature of this malware is that it does not run a data-leak site; instead it pressures victims to pay by threatening further attacks in the future. Its primary channel of communication is the Tox instant messaging service, and although the exact initial access vector used to compromise target environments is unclear, it is suspected to rely on brute-force attacks against exposed RDP and SMB services.
Other steps include credential theft with tools such as Mimikatz and NLBrute, and network discovery with tools such as Advanced Port Scanner, which allows the attackers to move laterally through the network over RDP. Encryption of victim hosts is carried out using a virus known as Neshta, which cybercriminals have used in the past to distribute other ransomware such as Big Head.
HardBit is designed to disable the standard Windows security tooling, Microsoft Defender and other antivirus products, terminating processes and services to avoid detection of its activity and to prevent system recovery. It then encrypts the files it is interested in, updates their icons, changes the desktop wallpaper, and renames the system volume with the string “Locked by HardBit”.
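The chain described above (suspected RDP brute force, Defender being switched off, and the “Locked by HardBit” volume label) maps onto signals a defender can look for in ordinary Windows telemetry. The following is an added example written for this article, not HardBit code and not any vendor's detection content. It runs three simple checks over a constructed, simplified event stream of the kind a SIEM would normalise from the Security log, the Microsoft-Windows-Windows Defender/Operational log and an endpoint inventory feed; the field names, the “Inventory” channel and all sample values are assumptions made for the example. The event IDs used are the real Windows ones (4625 failed logon, 4624 successful logon with logon type 10 for RemoteInteractive/RDP, Defender 5001 real-time protection disabled).

```python
"""Detection sketch for the HardBit behaviours described above.

Added example: not HardBit code, not a vendor rule. All events below are
constructed sample data; the 'Inventory' channel is a hypothetical feed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

HARDBIT_LABEL = "Locked by HardBit"  # volume label string quoted in the article

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # 40 failed logons from one source within 40 seconds ...
    *[{"ts": f"2024-07-01T02:00:{i:02d}", "channel": "Security", "event_id": 4625,
       "src_ip": "198.51.100.23", "user": "administrator"} for i in range(40)],
    # ... followed by a successful RDP logon (4624, logon type 10) for the same account.
    {"ts": "2024-07-01T02:01:05", "channel": "Security", "event_id": 4624,
     "src_ip": "198.51.100.23", "user": "administrator", "logon_type": 10},
    # A benign user who mistyped a password a few times: must NOT fire.
    *[{"ts": f"2024-07-01T02:05:{i:02d}", "channel": "Security", "event_id": 4625,
       "src_ip": "10.0.0.5", "user": "jdoe"} for i in range(3)],
    {"ts": "2024-07-01T02:05:30", "channel": "Security", "event_id": 4624,
     "src_ip": "10.0.0.5", "user": "jdoe", "logon_type": 10},
    # Defender reports real-time protection disabled (Defender Operational 5001).
    {"ts": "2024-07-01T02:10:00",
     "channel": "Microsoft-Windows-Windows Defender/Operational", "event_id": 5001},
    # Hypothetical inventory feed: volume labels as currently seen on the host.
    {"ts": "2024-07-01T02:12:00", "channel": "Inventory", "volume": "C:",
     "volume_label": "Locked by HardBit"},
    {"ts": "2024-07-01T02:12:00", "channel": "Inventory", "volume": "D:",
     "volume_label": "Data"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def detect_rdp_bruteforce(events, threshold=20, window=timedelta(minutes=15)):
    """Return (src_ip, user) pairs where at least `threshold` failed logons
    (4625) from one source were followed within `window` by a successful
    RDP logon (4624, logon type 10) for the same account."""
    failures = defaultdict(list)  # (src_ip, user) -> failure timestamps
    hits = []
    for ev in sorted(events, key=_ts):
        if ev.get("channel") != "Security":
            continue
        key = (ev.get("src_ip"), ev.get("user"))
        if ev["event_id"] == 4625:
            failures[key].append(_ts(ev))
        elif ev["event_id"] == 4624 and ev.get("logon_type") == 10:
            recent = [t for t in failures[key] if _ts(ev) - t <= window]
            if len(recent) >= threshold and key not in hits:
                hits.append(key)
    return hits


def detect_defender_disabled(events):
    """Timestamps at which Defender logged real-time protection disabled (5001)."""
    return [ev["ts"] for ev in events
            if ev.get("channel") == "Microsoft-Windows-Windows Defender/Operational"
            and ev["event_id"] == 5001]


def detect_hardbit_volume_label(events):
    """Volumes whose label matches the HardBit marker (case-insensitive)."""
    return [ev["volume"] for ev in events
            if ev.get("channel") == "Inventory"
            and ev.get("volume_label", "").lower() == HARDBIT_LABEL.lower()]


def run_detections(events):
    """Run all three checks and return the findings keyed by detection name."""
    return {
        "rdp_bruteforce": detect_rdp_bruteforce(events),
        "defender_disabled": detect_defender_disabled(events),
        "hardbit_volume_label": detect_hardbit_volume_label(events),
    }


if __name__ == "__main__":
    for name, findings in run_detections(SAMPLE_EVENTS).items():
        print(f"{name}: {findings}")
```

The brute-force check keys on the source address and account and only fires when a success follows a burst of failures, so a user who fumbles a password a few times stays quiet while a 40-attempt spray followed by a logon does not. The Defender check and the volume-label check are deliberately plain string matches: each on its own is a strong indicator of the behaviour the article describes, and together with the logon pattern they cover the order in which the intrusion is said to unfold.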
It is very dangerous, on a par with giants such as LockBit, Akira and BlackSuit in its development and operational techniques. And ransomware continues to be a growing trend and extremely profitable for criminals. According to Symantec researchers, all the evidence points to the same conclusion: “Exploitation of known vulnerabilities in public applications remains a major vector for ransomware attacks”.