
Hive ransomware has extorted $100 million in 18 months, FBI warns

Graham CLULEY

November 23, 2022


$100 million in just the last 18 months.

That's the amount of money that the Hive ransomware is thought to have extorted from over 1300 companies around the world, according to a joint warning issued by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS).

First seen in mid-2021, Hive is a ransomware-as-a-service (RaaS) operation, which different cybercriminals have used in attacks launched against healthcare institutions, non-profit organisations, energy providers, and retailers, amongst other sectors.

And it is this targeting of critical infrastructure and hospitals which led the HHS earlier this year to describe Hive as an "exceptionally aggressive" threat to the health sector.

Attackers deploying the Hive ransomware have often gained initial access to victims' networks via the use of phishing emails with malicious attachments, stolen single-factor RDP logins, virtual private networks and other remote network connection protocols.

According to the FBI warning, attackers have also sometimes managed to bypass multi-factor authentication and gained access to FortiOS servers by exploiting a known vulnerability.

Like many other ransomware attacks, Hive has adopted a "double extortion" model where data is exfiltrated from a victim's network before it is encrypted. The stolen data is leaked on a dedicated website on the dark web if the ransom is not paid.

Some victims of Hive have even reported receiving phone calls from cybercriminals pressuring them to pay up and engage in negotiations.

Hive victims are told in a ransom note left after data has been encrypted not to report the attack to the police or FBI, or to bring in specialist recovery companies to try to decrypt data or manage negotiations with the gang.

The FBI continues to urge organisations to report ransomware attacks as it helps investigators gather information about the perpetrators and might one day lead to those responsible being brought to justice.

As usual, the FBI does not recommend that ransoms are paid by victims. However, in its advisory it notes that "Hive actors have been known to reinfect — with either Hive ransomware or another ransomware variant — the networks of victim organizations who have restored their network without making a ransom payment."

The FBI urges companies to report ransomware incidents to the local field office to help investigators with critical information to track the attackers, "hold them accountable under US law, and prevent future attacks."
