"The recent cyberattack aimed at aerospace and defense company Collins Aerospace, which has caused significant disruptions at major airports in Europe, reportedly involved a piece of ransomware known as HardBit. The HardBit ransomware emerged in October 2022 and it came into the spotlight a few months later when it emerged that the cybercriminals were willing to negotiate ransom amounts based on their victims' cyberinsurance policy. Not much has been reported on HardBit since."
"Cybersecurity expert Kevin Beaumont reported on Tuesday that the attack involved a variant of HardBit, which he described as "incredibly basic". Beaumont learned from sources that Collins Aerospace has been having difficulties removing the malware, with devices becoming reinfected following cleanup attempts. The BBC reported earlier this week that over one thousand computers may have been impacted and that Collins had found the hackers still inside its network after it rebuilt and relaunched systems."
HardBit ransomware emerged in October 2022 and gained attention after affiliates negotiated ransom amounts based on victims' cyberinsurance. HardBit encrypts files and claims to steal data but appears not to operate a public leak site. ENISA confirmed that airport disruptions resulted from a ransomware incident. Sources reported a HardBit variant involved in the Collins Aerospace attack and described the malware as rudimentary. Collins faced reinfections after cleanup, and more than one thousand computers may have been impacted, with attackers remaining inside after systems were rebuilt. HardBit’s affiliate model and known overlap with Mimic complicate definitive attribution.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]