$100 million in the last 18 months.
This is the amount Hive ransomware is believed to have extorted from over 1,300 companies worldwide. joint warning Issued by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS).
First observed in mid-2021, Hive is a Ransomware as a Service (RaaS) operation launched by various cybercriminals against sectors such as healthcare, non-profits, energy providers and retailers. used for
And earlier this year HHS launched Hive ‘Very Aggressive’ Threats to Healthcare Sector.
Attackers deploying Hive ransomware often use phishing emails with malicious attachments, stolen single-factor RDP logins, virtual private networks, and other remote network connection protocols to cause damage. obtains initial access to the network of
Attackers can also exploit known vulnerabilities to bypass multi-factor authentication and gain access to FortiOS servers, the FBI warns.
Like many other ransomware attacks, Hive employs a “double extortion” model where data is stolen from the victim’s network before it is encrypted. The stolen data will be leaked to a dedicated dark web site if the ransom is not paid.
Some Hive victims have even reported being called by cybercriminals and pressured into paying and participating in negotiations.
The ransom note left behind after the data was encrypted discourages Hive victims from reporting the attack to the police or the FBI, or letting a professional recovery firm manage the decryption of the data and negotiations with the gang. It is said.
The FBI continues to urge organizations to report ransomware attacks as it helps investigators gather information about perpetrators and may one day bring those responsible to justice.
As usual, the FBI does not encourage victims to pay the ransom. However, in that advisory, “Hive actors are known to use Hive ransomware or another ransomware variant to re-infect the networks of victim organizations that have restored their networks without paying a ransom. I will.”
The FBI asks companies to report ransomware incidents to local field offices to track attackers and provide them with critical information to “hold them accountable under U.S. law and prevent future attacks.” is requested to be provided to investigators.