HardBit is a sophisticated ransomware family, first identified on the threat landscape in October 2022. It is designed to exploit and damage computer systems by disabling Windows Defender Antivirus, inhibiting System Recovery, and using the file infector Neshta to deploy its encryption payload. The ransomware has evolved through several versions (HardBit 2.0, 3.0, and 4.0), which added advanced features such as password protection, service disruption, and support for a graphical user interface. Despite these advancements, it does not employ a double extortion model, which sets it apart from other ransomware operations.
HardBit's infection methods include email attachments in ZIP format (#8705 and #8706) and transfers over HTTP/S (#8703 and #8704), which are categorized under lateral movement and infiltration tactics. Once inside a network, HardBit disrupts operations and instructs victims to contact the operators via email or the Tox instant messaging platform. The initial access method used by the HardBit Ransomware group remains unknown, though experts at Cybereason have noted similarities with methodologies associated with other ransomware operations.
HardBit shares several similarities with LockBit Ransomware, including the group name, images and icons, fonts, and ransom notes. This has led to speculation among experts about a possible link between the two, but no conclusive evidence has been found yet. Some believe these similarities could be part of HardBit's marketing tactics. The full extent and implications of HardBit's activities remain under investigation.
Description last updated: 2024-10-17T12:47:39.276Z