Hive ransomware is a new emerging threat to organizations, the FBI said in a warning to cyber security professionals.
First seen in June of this year, Hive presents “significant challenges” due to its use of a variety of tactics, techniques and procedures, or so-called TTPs, the FBI said in the advisory.
After gaining access to a victim network, Hive leaves a ransom note in an affected system’s directories with instructions on how to purchase software to unlock the files, the FBI said. The note also threatens to leak the victim’s stolen data. On occasion, victims have reported getting phone calls requesting payment.
Phishing email with malicious attachments is a common Hive tactic to gain access to a network, according to the advisory.
CISA, FBI ISSUE RANSOMWARE WARNING FOR LABOR DAY, OTHER HOLIDAYS
Hive is classified as double-extortion ransomware, according to a report from Palo Alto Networks’ Unit 42.
Conventional ransomware encrypts data so it is no longer accessible by a victim organization, then demands a ransom in return for a decryption key. Double extortion goes further by making threats to leak the data. This is meant to increase the pressure on victims to pay the ransom.
“Hive uses all tools available in the extortion toolset to create pressure on the victim, including the date of initial compromise, countdown, the date the leak was actually disclosed on their site, and even the option to share the disclosed leak on social media,” according to the Unit 42 report.
Since June, Hive has affected 28 organizations, which are listed on the group’s extortion site, Unit 42 said. Those organizations include a European airline and three U.S.-based organizations.
WHEN RANSOMWARE GETS DEADLY: ATTACK BRINGS DOWN HOSPITAL SYSTEM
Hospitals are some of the most vulnerable targets.
“This new strain of ransomware may be of particular concern for health care,” John Riggi, AHA senior advisor for cybersecurity and risk, said in a statement referring to Hive. “The FBI and AHA strongly discourage payment of ransom if at all…