Hive Ransomware Gang Hits 1,300 Businesses, Makes $100 Million


By Ionut Arghire on November 18, 2022

The Hive ransomware gang has victimized more than 1,300 businesses, receiving over $100 million in ransom payments over the past year and a half, US government agencies say.

Active since June 2021 and offered as ransomware-as-a-service (RaaS), Hive has been used in attacks against businesses and critical infrastructure entities, including communications, government, healthcare, IT, and critical manufacturing organizations.

In an effort to increase awareness of Hive ransomware, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have released a joint alert detailing observed indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs).

Depending on the affiliate disseminating Hive, initial access into the victim’s network may be obtained via Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other remote connection protocols that have not been secured with multi-factor authentication (MFA).

In some Hive ransomware attacks, the threat actors have been observed bypassing MFA and exploiting CVE-2020-12812 to access FortiOS servers, the joint alert reads. Hive affiliates have also been seen sending phishing emails with malicious attachments and targeting known Microsoft Exchange Server vulnerabilities (CVE-2021-31207, CVE-2021-34473, and CVE-2021-34523).

After gaining access to a victim’s network, the Hive ransomware attempts to identify and terminate processes related to antimalware, backups, and file copying, to stop volume shadow copy services and remove existing copies, and to delete Windows event logs.
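The pre-encryption behaviours described in that paragraph (killing backup and antimalware processes, stopping the Volume Shadow Copy service, deleting shadow copies, clearing Windows event logs) all leave process-creation telemetry behind. The following detection logic is an added example written for this page; it is not code from the article or from the CISA/FBI/HHS alert. It runs four simple rules over constructed process-creation records in the shape of Sysmon Event ID 1 or Security 4688 data, then correlates hits per host, on the assumption that one such command is often legitimate administration while several distinct ones on the same host within a short window are what a practitioner would want paged. The command names are standard Windows tooling (vssadmin, wmic, net, wevtutil, taskkill); the product hints in the process-kill rule (Veeam, MsMpEng) and the 15-minute window are illustrative choices, not indicators from the alert.

```python
"""Detection rules for ransomware pre-encryption activity (added example, not from the article).

Scans constructed process-creation events for shadow copy deletion, VSS service
stopping, event log clearing and backup/antimalware process termination, then
flags hosts where several distinct rules fire inside a short time window.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ProcessEvent:
    # Fields as they would be extracted from a Sysmon Event ID 1 / Security 4688 record
    timestamp: datetime
    host: str
    user: str
    command_line: str


@dataclass(frozen=True)
class Finding:
    rule: str
    event: ProcessEvent


# Rule name -> regex evaluated against the lower-cased command line.
# Product names in the last rule are illustrative assumptions, not indicators from the alert.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete"
    ),
    "vss_service_stop": re.compile(r"\b(net1?|sc)(\.exe)?\s+stop\s+vss\b"),
    "event_log_clearing": re.compile(r"wevtutil(\.exe)?\s+(cl|clear-log)\b|clear-eventlog"),
    "backup_or_av_process_kill": re.compile(
        r"taskkill(\.exe)?\b.*/(im|pid)\b.*(backup|veeam|msmpeng)"
    ),
}


def match_rules(event: ProcessEvent) -> list[str]:
    """Return the names of every rule whose pattern matches the event's command line."""
    cmd = event.command_line.lower()
    return [name for name, pattern in RULES.items() if pattern.search(cmd)]


def scan(events: list[ProcessEvent]) -> list[Finding]:
    """Run all rules over all events; one Finding per (event, rule) hit."""
    return [Finding(rule, ev) for ev in events for rule in match_rules(ev)]


def correlate(findings: list[Finding], window: timedelta = timedelta(minutes=15)) -> dict[str, set[str]]:
    """Return hosts on which at least two distinct rules fired within `window`.

    A lone shadow-copy deletion or log clear can be routine maintenance; the
    combination, close together, is the chain the article describes.
    """
    by_host: dict[str, list[Finding]] = defaultdict(list)
    for f in findings:
        by_host[f.event.host].append(f)

    chains: dict[str, set[str]] = {}
    for host, hits in by_host.items():
        hits.sort(key=lambda f: f.event.timestamp)
        best: set[str] = set()
        for i, first in enumerate(hits):  # slide a window starting at each hit
            rules = {g.rule for g in hits[i:] if g.event.timestamp - first.event.timestamp <= window}
            if len(rules) > len(best):
                best = rules
        if len(best) >= 2:
            chains[host] = best
    return chains


# Constructed sample telemetry: two benign admin actions, one isolated log clear,
# and a four-command chain on a file server. Hostnames and users are made up.
SAMPLE_EVENTS = [
    ProcessEvent(datetime(2022, 11, 1, 9, 0, 0), "WS01", "CORP\\jdoe", r"C:\Windows\System32\vssadmin.exe list shadows"),
    ProcessEvent(datetime(2022, 11, 1, 9, 5, 0), "WS02", "CORP\\itadmin", "wevtutil.exe cl Application"),
    ProcessEvent(datetime(2022, 11, 1, 23, 41, 2), "FS01", "CORP\\svc_backup", "cmd.exe /c vssadmin.exe delete shadows /all /quiet"),
    ProcessEvent(datetime(2022, 11, 1, 23, 41, 9), "FS01", "CORP\\svc_backup", "net stop vss /y"),
    ProcessEvent(datetime(2022, 11, 1, 23, 41, 30), "FS01", "CORP\\svc_backup", 'taskkill /F /IM "Veeam.Backup.Service.exe"'),
    ProcessEvent(datetime(2022, 11, 1, 23, 42, 15), "FS01", "CORP\\svc_backup", "wevtutil cl Security"),
    ProcessEvent(datetime(2022, 11, 2, 8, 0, 0), "WS03", "CORP\\jdoe", "powershell.exe Get-EventLog -LogName System -Newest 20"),
]


if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for f in hits:
        print(f"{f.event.timestamp:%Y-%m-%d %H:%M:%S} {f.event.host:5} {f.rule:26} {f.event.command_line}")
    for host, rules in correlate(hits).items():
        print(f"ALERT {host}: {len(rules)} distinct pre-encryption behaviours: {sorted(rules)}")
```

The isolated `wevtutil cl Application` on WS02 produces a finding but no alert, while FS01 trips all four rules in under two minutes and is the host that warrants an immediate response. In production the same rules would be fed from the SIEM rather than an in-memory list, and the product hints would be replaced with the backup and EDR agents actually deployed.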

Prior to encryption, the cybercriminals also exfiltrate data of interest from compromised Windows, Linux, VMware ESXi, and FreeBSD systems.

Hive creates a file with the .key extension in the root directory – this file, which is unique to the system it was created on, is required for decryption. A ransom note is dropped into each affected directory, warning victims not to tamper with the .key file, as that would prevent data recovery, and directing victims to contact the attackers via live chat on a website accessible through the Tor browser.

The ransom note also threatens victims that, if a ransom is not paid, data will be made public on the Tor website ‘HiveLeaks’. The Hive threat actors have also been seen using anonymous file sharing sites to leak stolen data.

“Once the victim organization contacts Hive actors on the live chat panel, Hive actors communicate the ransom amount and the payment deadline. Hive actors negotiate ransom demands in US dollars, with initial amounts ranging from several thousand to millions of dollars. Hive actors demand payment in Bitcoin,” CISA, FBI, and HHS say.

The three agencies also warn that Hive actors have been observed reinfecting – either with Hive or another ransomware variant – victims that restored their environments without paying a ransom.

Related: New York Emergency Services Provider Says Patient Data Stolen in Ransomware Attack

Related: Evasive Rust-Coded Hive Ransomware Variant Emerges

Related: Researchers Devise Method to Decrypt Hive Ransomware-Encrypted Data
