$100 million in simply the final 18 months.
That is the sum of money that the Hive ransomware is assumed to have extorted from over 1300 corporations all over the world, in accordance with a joint warning issued by the FBI, the Cybersecurity and Infrastructure Safety Company (CISA), and Division of Well being and Human Companies (HHS).
First seen in mid 2021, Hive is a ransomware-as-a-service (RaaS) operation, which totally different cybercriminals have utilized in assaults launched towards healthcare establishments, non-profit organisations, power suppliers, and retailers, amongst different sectors.
And it’s this concentrating on of crucial infrastructure and hospitals which led the HHS earlier this yr to explain Hive as an “exceptionally aggressive” menace to the well being sector.
Attackers deploying the Hive ransomware have usually gained preliminary entry to victims’ networks by way of using phishing emails with malicious attachments, stolen single-factor RDP logins, digital non-public networks and different distant community connection protocols.
In keeping with the FBI warning, attackers have additionally typically managed to bypass multi-factor authentication and gained entry to FortiOS servers by exploiting a recognized vulnerability.
Like many different ransomware assaults, Hive has adopted a “double extortion” mannequin the place information is exfiltrated from a sufferer’s community earlier than it’s encrypted. The stolen information is leaked on a devoted web site on the darkish internet if the ransom shouldn’t be paid.
Some victims of Hive have even reported receiving cellphone calls from cybercriminals pressuring them to pay up and interact in negotiations.
Hive victims are instructed in a ransom observe left after information has been encrypted to not report the assault to the police or FBI, or to herald specialist restoration corporations to attempt to decrypt information or handle negotiations with the gang.
The FBI continues to induce organisations to report ransomware assaults because it helps investigators collect details about the perpetrators and may sooner or later result in these accountable being dropped at justice.
As standard, the FBI doesn’t advocate that ransoms are paid by victims. Nevertheless, in its advisory it notes that “Hive actors have been recognized to reinfect — with both Hive ransomware or one other ransomware variant — the networks of sufferer organizations who’ve restored their community with out making a ransom cost.”
The FBI urges corporations to report ransomware incidents to the native discipline workplace to assist investigators with crucial data to trace the attackers, “maintain them accountable beneath US legislation, and stop future assaults.”
