Calculating The Ransom Demand On The Victim’s Insurance

In an innovative move, the ransomware group HardBit has offered to set ransom its demands based on the victims’ cyber insurance coverage.  Organisations that have been targeted by HardBit's ransomware typically have their files encrypted. 

HardBit 2.0 says it steals files from compromised networks, encrypts the data it leaves behind, and demands a crypto currency ransom be paid, with the threat that company confidential data will be released online.

It is likely that the organisation’s main motivation is to steal victim’s data, however, security researchers have not identified a live website where the group leaks data and names their targets. Additionally, security researchers state that the group does not specify a ransom price in the notes it drops on compromised systems. Instead, the company is told to contact the hackers via email or an instant messaging platform hosted on the deep web browser, Tor.

When a victim has cyber insurance, the hackers ask them to provide details so they can set the ransom amount accordingly. HardBit say they do not want to demand more than what the victim can recover from the insurance company, but they also don’t want to be offered a low amount by the insurer’s representatives.

HardBit’s ransom demand even goes as far to say that sharing the insurance details is beneficial and insurers stand in the way of data recovery.

However, the cyber criminals behind HardBit warn that if payment is not made victims will not only never have access to their files again, but are warned that their company will be attacked again in the future. Furthermore, if payment or negotiations have not begun within 48 hours, HardBit warns that the ransom will be doubled.

The ransom message left behind on compromised systems does not specify how much the victim has to pay to recover its files. Instead, the targeted company is instructed to contact the hackers through email or the Tox instant messaging platform. However, the note does contain some important information about paying the ransom, specifically for victims that have a cyber insurance policy covering ransomware attacks

To fight ransomware attacks, it's important to report them to law enforcement and make sure you have offsite backups in place so you can easily recover your files.

To protect your systems from similar incidents in the future, always be cautious when opening unsolicited emails and attachments, and avoid visiting potentially malicious websites. Keep your security software updated as well so it can properly detect and remove malware.

Varonis:     NeoWin:      Tripwire:     Security Week:      Oodaloop:     NetSec News

You Might Also Read:

Crackdown On Ransomware Criminals:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Hackers Have Stolen GoDaddy's Source Code
An Apocalyptic Cyber Event »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

Join our experts as they give the insights you need to power your Security Information and Event Management (SIEM).

Randori

Randori

Randori is an attack platform that provides "red-teaming" as a service — basically, staging simulated hack attacks to test for vulnerabilities and gaps in the security response.

SMESEC

SMESEC

SMESEC is a lightweight Cybersecurity framework for protecting small and medium-sized enterprises (SME) against Cyber threats.

Cytelligence

Cytelligence

Cytelligence is a cyber security consulting company with deep expertise in Cyber Breach Response, Cyber Breach Investigations, and Digital Forensics.

ABS Group

ABS Group

ABS Group provides risk and reliability solutions and technical services that help clients confirm the safety, integrity and security of critical assets and operations.

Insight Partners

Insight Partners

Insight Partners is a leading global private equity and venture capital firm investing in growth-stage technology, software and Internet businesses.

Techleap.nl

Techleap.nl

Techleap.nl is a non-profit publicly funded organisation helping to quantify and accelerate the tech ecosystem of the Netherlands.

Hackinsure

Hackinsure

Front Row Insurance’s Hackinsure provides protection against online hazards including Cyber Liability, Theft & Fraud, Business Interruption, Extortion & Ransomware, Forensic Investigation.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

DNX Ventures

DNX Ventures

Based in Silicon Valley and Tokyo, DNX Ventures is an early stage VC for B2B startups in sectors including Cybersecurity.

INE

INE

INE is a premier provider of Technical Training for the IT industry.

Drata

Drata

Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company's security controls, while streamlining workflows to ensure audit-readiness.

Invicti Security

Invicti Security

Invicti Security is an AppSec leader transforming the way web applications are secured.

Rootshell Security

Rootshell Security

Rootshell Security is transforming vulnerability management with its vendor-agnostic Prism Platform and industry-leading offensive security assessments.

HiSolutions

HiSolutions

HiSolutions is a renowned consulting firms for IT governance, risk & compliance in Germany, combining highly specialized know-how in the field with profound process competence.

AuthMind

AuthMind

Prevent your next identity-related cyberattack with the AuthMind Identity SecOps Platform. It works anywhere and deploys in minutes.

Vernetzen

Vernetzen

Vernetzen is an industrial network and cybersecurity innovator focused on delivering practical solutions to connect and secure industry across the globe.