The recent cyberattack aimed at aerospace and defense company Collins Aerospace, which has caused significant disruptions at major airports in Europe, reportedly involved a piece of ransomware known as HardBit.
The HardBit ransomware emerged in October 2022 and it came into the spotlight a few months later when it emerged that the cybercriminals were willing to negotiate ransom amounts based on their victims’ cyberinsurance policy. Not much has been reported on HardBit since.
Cybercriminals are using HardBit ransomware to encrypt files on compromised systems and they claim to steal data from victims but, unlike many other ransomware operations, they do not appear to have a website where they name victims and leak stolen data.
The EU cybersecurity agency ENISA revealed on Monday that the airport disruptions were the result of a ransomware attack, but did not share additional details.
Cybersecurity expert Kevin Beaumont reported on Tuesday that the attack involved a variant of HardBit, which he described as “incredibly basic”. Beaumont learned from sources that Collins Aerospace has been having difficulties removing the malware, with devices becoming reinfected following cleanup attempts.
The BBC reported earlier this week that over one thousand computers may have been impacted and that Collins had found the hackers still inside its network after it rebuilt and relaunched systems.
Ransomware expert Dominic Alvieri told SecurityWeek that his sources also confirmed the involvement of HardBit in the attack. However, the researcher pointed out that the HardBit ransomware is offered under an affiliate program and anyone could have used it to target Collins Aerospace.
Source: Security Week