From hard-bitten to a bit softer ransoms?

It has emerged that HardBit ransomware operators want to work with victims to negotiate a pay-off behind the back of cyber insurance companies.

The operators say they do not want to demand more than what the victim can recover from the insurance company, but they also don't want to be offered a low amount by the insurer's representatives.

Cybercriminals are attempting to maximise their profits and lower companies' resistance to paying, in order to sustain the ransomware ecosystem. Cyber breaches cost $4.5 million on average, according to an IBM report. Companies are therefore still left at the mercy of hackers, putting sensitive customer and investor data at risk of exposure, while facing extortionate ransoms.

First observed in October 2022, HardBit is a ransomware threat that targets organisations to extort cryptocurrency payments for the decryption of their data. "Seemingly improving upon their initial release, HardBit version 2.0 was introduced toward the end of November 2022, with samples seen throughout the end of 2022 and into 2023," according to Alien Vault. "Like most modern ransomware threats, HardBit claims to steal sensitive data from their victims, likely upon first gaining access to the network, before launching their payload to encrypt data."

Says Satnam Narang, senior staff research engineer at cyber firm Tenable: "Ransomware has evolved significantly over the years, as groups have begun to focus on exfiltrating files from victim networks. Accessing these files and holding them for ransom as part of the 'double extortion' tactic has given ransomware groups an opportunity to peek into an organization’s financials, as well as their cyber insurance policies.

"While some groups are inclined to seek out the highest ransomware payment possible, many groups in the ransomware ecosystem seek to tailor their ransom demands to a value that the organisation can pay. In the past, the Conti ransomware group instructed affiliates to seek out cyber insurance and security policy documents as part of the files they exfiltrate from the victim’s environment after a successful attack, likely to help tailor their ransom demands.

"However, to my knowledge, this is the first time a group (HardBit) has instructed a victim to explicitly share their cyber insurance details anonymously, in order to prepare a viable ransomware demand to maximise the return on their investment, while ensuring the least amount of friction possible during negotiations. While we’ve seen the extortion side of the ransomware ecosystem evolve over the years, it’s unclear if HardBit’s approach is one that other ransomware groups will adopt in the near future."