$100 million in just the last 18 months.
That’s the amount of money that the Hive ransomware is believed to have extorted from over 1300 companies around the world, according to a joint warning issued by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS).
First seen in mid 2021, Hive is a ransomware-as-a-service (RaaS) operation, which different cybercriminals have used in attacks launched against healthcare institutions, non-profit organisations, energy providers, and retailers, among other sectors.
And it’s this targeting of critical infrastructure and hospitals which led the HHS earlier this year to describe Hive as an “exceptionally aggressive” threat to the health sector.
Attackers deploying the Hive ransomware have typically gained initial access to victims’ networks through the use of phishing emails with malicious attachments, stolen single-factor RDP logins, virtual private networks and other remote network connection protocols.
According to the FBI warning, attackers have also sometimes managed to bypass multi-factor authentication and gained access to FortiOS servers by exploiting a known vulnerability.
Like many other ransomware attacks, Hive has adopted a “double extortion” model where data is exfiltrated from a victim’s network before it is encrypted. The stolen data is leaked on a dedicated website on the dark web if the ransom is not paid.
Some victims of Hive have even reported receiving phone calls from cybercriminals pressuring them to pay up and engage in negotiations.
Hive victims are told in a ransom note left after data has been encrypted not to report the attack to the police or FBI, or to bring in specialist recovery companies to try to decrypt data or handle negotiations with the gang.
The FBI continues to urge organisations to report ransomware attacks as it helps investigators gather information about the perpetrators and might one day lead to those responsible being brought to justice.
As usual, the FBI does not recommend that ransoms are paid by victims. However, in its advisory it notes that “Hive actors have been known to reinfect — with either Hive ransomware or another ransomware variant — the networks of victim organizations who’ve restored their network without making a ransom payment.”
The FBI urges companies to report ransomware incidents to the local field office to help investigators with critical information to track the attackers, “hold them accountable under US law, and prevent future attacks.”