HardBit勒索病毒家族详情

【家族名】
Win32/Ransom.HardBit

[平台]   /   [主类型]  .  [家族名]
平台类型 :  Win32 Win64
威胁类型 : Ransom

【是否支持解密】
360解密大师：暂不支持
在线解密：暂不支持

【被加密文件】
被加密文件后缀格式： 修改文件后缀为.hardbit3


【勒索提示信息】：
文件名：
文件内容 ：
-------------------------------------------------------------------------------
                                                                    _   _  _____  ___    ___    ___    _  _____
                                                                   | | ( )|  _  ||  _ \ (  _ \ (  _ \ (_)(_   _)
                                                                   | |_| || (_) || (_) )| | ) || (_) )| |  | |  
                                                                   |  _  ||  _  ||    / | | | ||  _ ( | |  | |  
                                                                   | | | || | | || |\ \ | |_) || (_) )| |  | |  
                                                                   (_) |_||_| |_||_| (_)(____/ (____/ |_|  |_|  

                                                                              ΖΖARDBIT RANSOMWAREΖΖ?
----
what happened?
All your files have been stolen and then encrypted. But don't worry, everything is safe and will be returned to you.

----
How can I get my files back?
You have to pay us to get the files back. We don't have bank or paypal accounts, you only have to pay us via Bitcoin.
----
How can I buy bitcoins?
You can buy bitcoins from all reputable sites in the world and send them to us. Just search how to buy bitcoins on the internet. Our suggestion is these sites.
>>https://www.binance.com/en<< >>https://www.coinbase.com/<< >>https://localbitcoins.com/<< >>https://www.bybit.com/en-US/<<
----
What is your guarantee to restore files?
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you.
That is our guarantee.
----
How to contact with you?

Or contact us by email:>>godgood55@tutanota.com<< or >>alexgod5566@xyzmailpro.com<<
----
How will the payment process be after payment?
After payment, we will send you the decryption tool along with the guide and we will be with you until the last file is decrypted.
----
What happens if I don't pay you?
If you don't pay us, you will never have access to your files because the private key is only in our hands. This transaction is not important to us,
but it is important to you, because not only do you not have access to your files, but you also lose time. And the more time passes, the more you will lose and
If you do not pay the ransom, we will attack your company again in the future.
----
What are your recommendations?
- Never change the name of the files, if you want to manipulate the files, make sure you make a backup of them. If there is a problem with the files, we are not responsible for it.
- Never work with intermediary companies, because they charge more money from you. For example, if we ask you for 50,000 dollars, they will tell you 55,000 dollars. Don't be afraid of us, just call us.
----
Very important! For those who have cyber insurance against ransomware attacks.
Insurance companies require you to keep your insurance information secret, this is to never pay the maximum amount specified in the contract or to pay nothing at all, disrupting negotiations.
The insurance company will try to derail negotiations in any way they can so that they can later argue that you will be denied coverage because your insurance does not cover the ransom amount.
For example your company is insured for 10 million dollars, while negotiating with your insurance agent about the ransom he will offer us the lowest possible amount, for example 100 thousand dollars,
we will refuse the paltry amount and ask for example the amount of 15 million dollars, the insurance agent will never offer us the top threshold of your insurance of 10 million dollars.
He will do anything to derail negotiations and refuse to pay us out completely and leave you alone with your problem. If you told us anonymously that your company was insured for $10 million and other
important details regarding insurance coverage, we would not demand more than $10 million in correspondence with the insurance agent. That way you would have avoided a leak and decrypted your information.
But since the sneaky insurance agent purposely negotiates so as not to pay for the insurance claim, only the insurance company wins in this situation. To avoid all this and get the money on the insurance,
be sure to inform us anonymously about the availability and terms of insurance coverage, it benefits both you and us, but it does not benefit the insurance company. Poor multimillionaire insurers will not
starve and will not become poorer from the payment of the maximum amount specified in the contract, because everyone knows that the contract is more expensive than money, so let them fulfill the conditions
prescribed in your insurance contract, thanks to our interaction.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------





Your ID :BFEBFBFF000306A9

Your Key :NIheAr8DLhqBsbUPCkQZrL2qiBcxTLgTeWz0c9B27oy4/9IrWps4rUiq5XhrESpa7fcGZb8l4uYoxx07Hjci97rruoZW4sgJ//VIsQwyX3emXiOq0rJBd8/3zpPa8QrqRaNPQQh4VvLqqq5Cb/Q5D70DUqg7bOl7uoUDMbJpvZg=

-------------------------------------------------------------------------------
【支付地址】

【防护建议】
1.多台机器，不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性，并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制，并进行定期备份
4.定期检测系统和软件中的安全漏洞，及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括：
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件，并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件，如果已经被杀毒软件拦截查杀，不要添加信任继续运行。

  




!! All YOUR  IMPORTANT  FILES ARE  STOLEN  AND ENCRYPTED  !!


Attention >> Please do not scan the files by antivirus, otherwise the consequences are your own


Basic description:

•Please read the file (HOW TO RESTORE YOUR FILES.txt) after reading this page.
•We need your ID and your ID is written below the (HOW TO RESTORE YOUR FILES.txt) file.
•Contact information for decoding is written in the file (HOW TO RESTORE YOUR FILES.txt) and also at the end of this page
•Please do not touch the Key written under the help file in any way, otherwise the consequences will be with you.



Is there a guarantee for decryption after payment?

•Before paying you can send us up to 2 test files for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)



About ransomware support:

•You can download and install TOX message from this link
•Our ID in TOX : 77A904360EA7D74268E7A4F316865F1703D2D7A6AF28C9ECFACED69CD09C8610FF2C728E6A33
•If someone who is in contact with you through email steals from you, you can contact us and send us the documents and get decrypted for free and the offender will be fired.
•Please do not ask support for decryption and contact directly the contact information provided in the file (HOW TO RESTORE YOUR FILES.txt) for you.
•If you have information about the company and its servers, share with us in TOX and receive a share from us when they pay. Don't worry, your identity will remain hidden.
•We are ready to answer your questions!



Things that you must pay attention to:

•DO NOT trust anyone except the email and the TOX ID that is in the help file, otherwise we will not be responsible for the consequences.
•DO NOT  rename encrypted files.
•DO NOT  try to decrypt or manipulate the files yourself.
•DO NOT  contact intermediary companies. They don't do anything special, they just message us and give us money and get the key, but if our price was $50,000, they will charge $70,000 from you.
•DO NOT pay any money for the test file.
•Before manipulating the files, be sure to make a backup of them, otherwise it is your responsibility.



Contact information for decryption:

•Our email address :CryptedData@tfwno.gf

•Your ID :BFEBFBFF000906EB

•Key :lYzPkA5w6JgRcXT63WBrRu788tOPCdV/UszM7l85pyayhGNXTV52wLNR5VinAlxC7ASM6QCH+YNNVkWcKZwjj5NMs4EPl2OdNKmIjEj2ivTDwhzm5bbOXtb77qyTC21pDJqeRXOkgMoyA2lajLvISO8YNYlvoVq851QIvamii8o=

                                                                        _   _  _____  ___    ___    ___    _  _____
                                                                       | | ( )|  _  ||  _ \ (  _ \ (  _ \ (_)(_   _)
                                                                       | |_| || (_) || (_) )| | ) || (_) )| |  | |  
                                                                       |  _  ||  _  ||    / | | | ||  _ ( | |  | |  
                                                                       | | | || | | || |\ \ | |_) || (_) )| |  | |  
                                                                       (_) |_||_| |_||_| (_)(____/ (____/ |_|  |_|



                                                                              ΖΖARDBIT RANSOMWAREΖΖ?

                                 Attention!! (Do not scan the files with antivirus in any case. In case of data loss, the consequences are yours) Attention!!

----
what happened?
All your files have been stolen and then encrypted. But don't worry, everything is safe and will be returned to you.



----
How can I get my files back?
You have to pay us to get the files back. We don't have bank or paypal accounts, you only have to pay us via Bitcoin.
----
How can I buy bitcoins?
You can buy bitcoins from all reputable sites in the world and send them to us. Just search how to buy bitcoins on the internet. Our suggestion is these sites.
>>www.binance.com/en<<or>>www.coinbase.com<<or>>localbitcoins.com<<or>>www.bybit.com<<
----
What is your guarantee to restore files?
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you.
That is our guarantee.
----
How to contact with you?
You can contact us by email:>>hardwork10@tutanota.com or hardwork10@protonmail.com<<
----
How will the payment process be after payment?
After payment, we will send you the decryption tool along with the guide and we will be with you until the last file is decrypted.
----
What happens if I don't pay you?
If you don't pay us, you will never have access to your files because the private key is only in our hands. This transaction is not important to us,
but it is important to you, because not only do you not have access to your files, but you also lose time. And the more time passes, the more you will lose and
If you do not pay the ransom, we will attack your company again in the future.
----
What are your recommendations?
- Never change the name of the files, if you want to manipulate the files, make sure you make a backup of them. If there is a problem with the files, we are not responsible for it.
- Never work with intermediary companies, because they charge more money from you. For example, if we ask you for 50,000 dollars, they will tell you 55,000 dollars. Don't be afraid of us, just call us.
----
Very important! For those who have cyber insurance against ransomware attacks.
Insurance companies require you to keep your insurance information secret, this is to never pay the maximum amount specified in the contract or to pay nothing at all, disrupting negotiations.
The insurance company will try to derail negotiations in any way they can so that they can later argue that you will be denied coverage because your insurance does not cover the ransom amount.
For example your company is insured for 10 million dollars, while negotiating with your insurance agent about the ransom he will offer us the lowest possible amount, for example 100 thousand dollars,
we will refuse the paltry amount and ask for example the amount of 15 million dollars, the insurance agent will never offer us the top threshold of your insurance of 10 million dollars.
He will do anything to derail negotiations and refuse to pay us out completely and leave you alone with your problem. If you told us anonymously that your company was insured for $10 million and other
important details regarding insurance coverage, we would not demand more than $10 million in correspondence with the insurance agent. That way you would have avoided a leak and decrypted your information.
But since the sneaky insurance agent purposely negotiates so as not to pay for the insurance claim, only the insurance company wins in this situation. To avoid all this and get the money on the insurance,
be sure to inform us anonymously about the availability and terms of insurance coverage, it benefits both you and us, but it does not benefit the insurance company. Poor multimillionaire insurers will not
starve and will not become poorer from the payment of the maximum amount specified in the contract, because everyone knows that the contract is more expensive than money, so let them fulfill the conditions
prescribed in your insurance contract, thanks to our interaction.

Your ID :178BFBFF00A20F10

Your Key :P68l2cApsVTSfYoznhEcP8O3YKadMxpnrIgPV47Mvjn0tnW4Wtzs5bwtgpWR91C9/G7sIYTWrRv6ybhlNH3KRwjfLVIeNqATep2ktBqBX9fj9P6/5J34ODptg1T6/J5rQoReviY0MdOh2GceUbMrziw+sISIS4FKiAzIvFp1ARY=

家族：HardBit
被加密文件后缀:hardbit2
黑客邮箱/Url：hardwork10@tutanota.com

家族：HardBit
被加密文件后缀:hardbit2
黑客邮箱/Url：hardwork10@protonmail.com

家族：HardBit
被加密文件后缀:hardbit3
黑客邮箱/Url：hisenberg0ger@tutanota.com

家族：HardBit
被加密文件后缀:hardbit3
黑客邮箱/Url：hisenberg01ger@skiff.com