A decryption key for malware deployed by the ransomware gang Hive has been released in response to an uptick in activity from the gang in the past three months. Hive has also switched its malware to Rust, a more complex programming language that makes the code harder to reverse engineer, making the key even more valuable.
The decryption tool for version five of Hive’s malware has been released by a malware analyst and reverse engineer known publicly as reecDeep. The key can be found on GitHub and was created to try to quell recent mounting attacks by the gang.
Hive has been ramping up activity in recent months, particularly targeting healthcare organisations. In May, the gang was named by the US Department of Health and Human Services as one of the top-five cybercrime gangs that attacked healthcare services in Q1 2022, with Hive taking credit for 11% of attacks.
Speaking to Tech Monitor, ‘reecDeep’ said the nature of Hive’s attacks meant they felt inspired to build the key and make it publicly available. “Dozens of companies stop doing business because of gangs of criminals. Hospitals are affected by disruption and are unable to provide care to their patients,” they said.
Hive was first spotted in June last year, and in 2021 the gang attacked more than 350 companies, mainly in the health and financial sectors, says a report by security company Group-IB.
Allan Liska, computer security incident response team head at security company Recorded Future, said the gang has been even busier this year. “Since May of 2022 Hive has accounted for 6.8% of all postings to extortion sites, which has them tied for second-most active group with Black Cat, which is definitely a notable jump,” Liska says.
The gang has also recently switched its malware to the Rust programming language, which is much harder to reverse engineer. “The malware used by Hive being written in the Rust…