This new ransomware strain wants to get your insurance details so it can negotiate a bigger price
Crooks are trying to pit victims against their insurance firms
Operators of a new ransomware strain have been seen trying to encourage victims to pay the ransom demand by pitting them against their insurance companies.
The HardBit 2.0 variant has been seen carrying a few novel tricks up its sleeve, including a modified ransom note in which the attackers say that if their ransom demand is within the range covered by the insurance company, then that company is obliged to cover the costs of the cyberattack.
But the problem is, the crooks never know what the insurance details are, and the victims are contractually obliged to keep that information secret. Still, the crooks try to talk the victim into sharing that information, albeit privately.
Voiding the insurance contract
“To avoid all this and get the money on the insurance, be sure to inform us anonymously about the availability and terms of the insurance coverage, it benefits both you and us, but it does not benefit the insurance company,” the note says.
The note essentially shows insurance companies as the bad guys, and further tells the victims not to engage with intermediaries or third parties, as that would only drive up the costs.
Besides suggesting action that would void the insurance contract, the crooks made other changes to the ransomware strain as well. Now, the malware is able to modify the endpoint’s Registry and disable Windows Defender real-time behavioral monitoring, process scanning, and on-access file protections, BleepingComputer reported. Furthermore, it tries to kill 86 processes to better encrypt sensitive files.
Lastly, it doesn’t write encrypted data to file copies and then delete the originals, but rather opens the files and overwrites the content with encrypted data. That, allegedly, makes the encryption process faster, and recovery more difficult.
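For defenders, an added example (not from the article or the BleepingComputer report) of spotting the Defender tampering described above in registry-write telemetry. The event line format and sample lines are constructed, and the key and value names are the standard Windows Defender policy names, assumed here because the article does not list them.

```python
import re

# Standard Defender policy key and value names (assumed; the article names none).
RTP_KEY = r"software\policies\microsoft\windows defender\real-time protection"
WATCHED = {
    "disablebehaviormonitoring": "behavioral monitoring",
    "disablescanonrealtimeenable": "process scanning",
    "disableonaccessprotection": "on-access file protection",
    "disablerealtimemonitoring": "real-time monitoring",
}

# Constructed line format: <time> <process> SetValue <key\value> = DWORD (0x........)
LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<proc>\S+)\s+SetValue\s+"
    r"(?P<target>.+?)\s*=\s*DWORD \((?P<data>0x[0-9a-fA-F]+)\)$"
)

def find_defender_tampering(lines):
    """Return (time, process, protection) for each write that disables a protection."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a registry-write record in the expected shape
        key, _, value = m["target"].rpartition("\\")
        key = key.lower().split("\\", 1)[-1]  # drop the hive prefix (HKLM, ...)
        protection = WATCHED.get(value.lower())
        # A non-zero DWORD turns the protection off; 0 re-enables it.
        if key == RTP_KEY and protection and int(m["data"], 16) != 0:
            hits.append((m["time"], m["proc"], protection))
    return hits

def burst(hits, minimum=2):
    """Processes that disabled several protections: a stronger signal than one write."""
    per_proc = {}
    for _, proc, protection in hits:
        per_proc.setdefault(proc, set()).add(protection)
    return {p: sorted(v) for p, v in per_proc.items() if len(v) >= minimum}

BASE = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
SAMPLE = [  # constructed events, not real telemetry
    rf"10:15:01 unknown.exe SetValue {BASE}\DisableBehaviorMonitoring = DWORD (0x00000001)",
    rf"10:15:01 unknown.exe SetValue {BASE}\DisableOnAccessProtection = DWORD (0x00000001)",
    rf"10:15:02 unknown.exe SetValue {BASE}\DisableScanOnRealtimeEnable = DWORD (0x00000001)",
    rf"10:20:00 admin.exe SetValue {BASE}\DisableRealtimeMonitoring = DWORD (0x00000000)",
    r"10:21:00 app.exe SetValue HKCU\Software\Example\Setting = DWORD (0x00000001)",
]

if __name__ == "__main__":
    print(burst(find_defender_tampering(SAMPLE)))
```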
Disclosing insurance details is something no one can recommend. Instead, businesses would be better off educating their employees on the dangers of phishing and social engineering, installing a strong firewall and cybersecurity solution, and keeping their backups fresh.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.