
Harditem Ransomware

Cybercriminals have created another ransomware threat aimed at locking the data of their victims. Tracked by the infosec community as the Harditem Ransomware, the threat uses a sufficiently strong cryptographic algorithm, making restoration of the locked files without the necessary decryption keys practically impossible. Impacted users will no longer be able to open their documents, pictures, photos, databases, archives, etc. Each locked file will also have '.hard' appended to its original name.

The threat drops its ransom note on the breached device as a text file named 'RESTORE_FILES_INFO.txt'. Opening the file reveals that the Harditem Ransomware's message is extremely brief. It lacks much of the information typically found in the instructions left by ransomware threats. Here, victims are simply told to contact the attackers by sending a message to the two provided email addresses, 'harditem@firemail.cc' and 'harditem@hitler.rocks'. In addition, the hackers may apparently also be reached on the Jabber account 'harditem@xmpp.jp'. The note fails to mention the sum of the ransom that the hackers are likely to demand, whether the money must be transferred using a specific cryptocurrency, or whether users can send a couple of files to be decrypted for free. It is paramount to remember that any communication with cybercriminals could expose users to additional privacy and security risks.

The entire message left by the Harditem Ransomware is:

'Your files are secured…
Contact emails: harditem@firemail.cc and harditem@hitler.rocks (spare) or jabber harditem@xmpp.jp
Send me your ID in the first email to all specified addresses

Key Identifier:'
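
For scoping an incident, the indicators above (the '.hard' suffix, the note name and the contact addresses) can be correlated per folder. The Python sketch below is an added example, not part of the original entry: the function names are hypothetical and the sample tree is constructed. Because '.hard' alone is a weak indicator, a note only counts when its text contains one of the published addresses.

```python
import os
import tempfile

# Indicators taken from the write-up above.
NOTE_NAME = "RESTORE_FILES_INFO.txt"
LOCKED_EXT = ".hard"
CONTACTS = ("harditem@firemail.cc", "harditem@hitler.rocks", "harditem@xmpp.jp")


def note_matches(path):
    """True if the file's text contains one of the published contact addresses."""
    try:
        with open(path, "r", errors="replace") as fh:
            text = fh.read(4096).lower()
    except OSError:
        return False
    return any(c in text for c in CONTACTS)


def triage(root):
    """Walk root and return {directory: {"locked": [...], "note": bool}} for hits."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        locked = sorted(f for f in files if f.lower().endswith(LOCKED_EXT))
        note = NOTE_NAME in files and note_matches(os.path.join(dirpath, NOTE_NAME))
        if locked or note:
            hits[dirpath] = {"locked": locked, "note": note}
    return hits


def build_sample(root):
    """Constructed sample tree: one affected folder, one clean folder."""
    docs = os.path.join(root, "docs")
    clean = os.path.join(root, "clean")
    os.makedirs(docs)
    os.makedirs(clean)
    for name in ("report.docx.hard", "photo.jpg.hard"):
        open(os.path.join(docs, name), "wb").close()
    with open(os.path.join(docs, NOTE_NAME), "w") as fh:
        fh.write("Contact emails: harditem@firemail.cc\nKey Identifier:\n")
    open(os.path.join(clean, "notes.txt"), "w").close()
    return docs, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, info in triage(tmp).items():
            print(folder, len(info["locked"]), "locked files, note:", info["note"])
```

Folders that report both locked files and a matching note are the strongest candidates for restoring from backup; folders with only '.hard' files need a manual look.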
