Tag Archive for: fraud

Everything you need to know about HardBit 2.0 and insurance fraud


Cybercriminals have a new twist on ransomware that takes a strange turn. They infect victims’ devices with HardBit 2.0 malware that encrypts critical files. To get access back to those files, you must pay a fee. Here’s the twist. They try getting information from you that would make your insurance company pay the ransom.

Read on for details on this tricky scheme and ways to stay protected.

What is HardBit 2.0?

HardBit 2.0 is ransomware designed to infiltrate your computer or smartphone and encrypt any valuable data it finds. Then, you’re given a choice: pay a hefty ransom or lose access to your files. 

This new scheme takes an unexpected turn. The crooks use cybercrime insurance as a means to an end. Sometimes, they dare to ask you for policy information so the ransom may be adjusted to fit your insurance plan.

Once your system is infected with the HardBit malware, it copies itself to the Startup folder and drops a plain text ransom note and an HTML application into your desktop.

According to Techradar, the note reads, “To avoid all this and get the money on the insurance, be sure to inform us anonymously about the availability and terms of the insurance coverage, it benefits both you and us, but it does not benefit the insurance company.”

Terrifying? Absolutely, and it’s totally real.

You’re directed to the attacker’s TOX messenger account and asked to pay up, or all your important files are lost forever. If 48 hours pass without a response, the thieves threaten that the ransom demand will be doubled.

HardBit was first released in October 2022. Since then, it’s been used to target businesses and ordinary people, often through extortion, dishonesty and other diabolical tactics. The threat actors behind the endeavor threaten to lock you out of your files if the ransom isn’t met.

The following points of contact have been confirmed to be associated with the scheme:

  • alexgod5566@xyzmailpro[.]com.
  • filetest@decoymail[.]net.
  • filetest@onionmail[.]org.
  • godgood55@tutanota[.]com.

These threat…

Source…

Is It Time to Rethink the Computer Fraud and Abuse Act?


Kentucky resident Deric Lostutter is fighting to regain the right to vote.

Lostutter is now a paralegal but previously was a member of hacktivist group Anonymous and served out a prison sentence after violating a federal anti-hacking law.

His particular state and the nature of his conviction are proving to be sticking points as he seeks re-enfranchisement: Kentucky indefinitely revokes voting permissions for residents with certain kinds of felonies on their records. That includes offenses that, like Lostutter’s, were tried in federal court; as such, he’d need a governor’s pardon to be re-enfranchised.


Lostutter lost voting rights after being convicted in 2017 of violating the Computer Fraud and Abuse Act (CFAA) and lying to the FBI about his actions, and he served two years. He and a co-collaborator had conducted a hack in an effort to put pressure and public attention on two Steubenville, Ohio, high school football players’ rape of an unconscious 16-year-old, as well as on school employees believed to have enabled or hidden the assault.

“I went after a coverup of a rape case,” Lostutter told Government Technology. “Did I commit a crime? Yes: I accessed a website without permission — a football fan website, where I posted allegations and evidence of the coverup to protect the football team. Do I admit that was wrong? Yes. Did I serve my time? Yes. Was it violent? No.”

That lack of permission is where the CFAA comes in. The federal law criminalizes accessing information on an Internet-connected device either without “authorization” or by exceeding the authorization one already has.

The CFAA is a controversial law. While it appears intended to prevent malicious hacking, it’s also come under fire over the years for its vague wording that some say risks scooping up more innocuous individuals alongside genuinely dangerous actors.

The Department of Justice (DOJ) appeared to acknowledge this concern last May when it issued a policy revision clarifying the law’s scope. The DOJ explained that the CFAA should not, for example, be used to charge security researchers or people who exaggerate in their…

Source…

The Venture Leader Mobile innovating customer authentication and fraud prevention – Venturelab