The ransomware group, Hardbit, which is now reportedly demanding cyber insurance details as a part of ransom negotiations, appears to have been active for less than a year. The group shows many tactics, techniques, and procedures consistent with a relatively novice group at first glance. That being said, Hardbit’s ransomware has abilities and checks that speak to thorough testing and some measure of experience in how to maximise their impact. This information, along with the lack of dark web infrastructure, suggests either a novice group with possibly a few experienced developers, or a moderately experienced group that has yet to stand up leak and negotiation sites. Novel and experimental pressuring techniques pop up regularly and many do not last long.

The best defence against ransomware groups like Hardbit is to have a strong cyber defence posture. Organisations should use multi-factor authentication (MFA), implement regular phishing training and testing for employees, and regularly check to ensure that internal systems are not directly exposed to the open internet.