US issues warning advisory about Hive ransomware

Hive ransomware gangs have cost businesses over $100 million, according to the FBI.

This week, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint Cybersecurity Advisory (AA22-321A) on Hive ransomware. The advisory was co-authored with the Federal Bureau of Investigation (FBI) and the US Department of Health and Human Services (HHS).

As of November 2022, Hive ransomware actors had victimized more than 1,300 companies worldwide, the advisory states, and according to FBI data they have collected approximately $100 million in ransom payments.

What’s Hive?

Hive ransomware follows the ransomware-as-a-service (RaaS) model: a core group develops, maintains and updates the malware, while affiliates use it to conduct the actual intrusions and extortion, with the proceeds split between them.

From June 2021 through at least November 2022, threat actors have used Hive ransomware against a wide range of businesses and critical infrastructure sectors, CISA says.

Victims include government facilities, the communications and critical manufacturing sectors, IT companies, and the Healthcare and Public Health (HPH) sector. The targeting of healthcare organizations is why HHS co-authored the advisory.

Here’s how it works

Hive affiliates use a variety of methods to gain initial access to a victim's network. These include getting in through exposed remote access services such as Remote Desktop Protocol (RDP) and virtual private network (VPN) gateways.

Once inside, the affiliates deploy the ransomware, which encrypts the data on the victim's systems and renders those machines unusable until the files are decrypted. The attackers then contact the locked-out victim and demand a ransom payment in exchange for the decryption key needed to recover the data.

Payment is also extorted with the threat of exposure: the attackers steal data from the victim's systems and, if the victim refuses to pay, publish the stolen data on the web. Data destruction is a further possible outcome. In some cases, rather than leaving the encrypted files in place and recoverable, the attackers corrupt the victim's files outright.