Ransomware Gang Makes $100 Million

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) have released a joint alert detailing the ransomware gang Hive's lucrative criminal activity. 

These US government cyber security agencies have reported that the Hive ransomware gang has victimised more than 1,300 businesses in the past 18 months, resulting in roughly $100M in ransom payments. 

The group has been active since June 2021 and has offered ransomware-as-a-service. The Hive ransomware has been used in attacks against businesses, critical infrastructure entities, government, healthcare, IT, and manufacturing organisations. 

“Hive actors have gained initial access to victim networks by using single factor logins via Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other remote network connection protocols... In some cases, Hive actors have bypassed multifactor authentication (MFA) and gained access to servers by exploiting Common Vulnerabilities and Exposures (CVE)... This vulnerability enables a malicious cyber actor to log in without a prompt for the user’s second authentication factor (FortiToken) when the actor changes the case of the username... Hive actors have also gained initial access to victim networks by distributing phishing emails with malicious attachments,” says the Joint Alert.
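A defender-side check for the bypass pattern quoted above, as an added example that is not from the Joint Alert or this article: it scans VPN authentication logs for successful logins that skipped the second factor, ranking highest those whose username differs from the directory entry only by letter case. The log format, field names, account names and function name are assumptions constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed directory of canonical account names (assumed exact-case,
# as stored in the identity provider).
DIRECTORY = {"jsmith", "akhan", "svc-backup"}

# Constructed VPN authentication log; this line format is hypothetical.
SAMPLE_LOG = """\
2022-11-01T08:02:11Z vpn-auth user="jsmith" src=198.51.100.7 result=success mfa=passed
2022-11-01T08:05:43Z vpn-auth user="JSmith" src=203.0.113.50 result=success mfa=not_prompted
2022-11-01T08:09:02Z vpn-auth user="akhan" src=198.51.100.9 result=failure mfa=not_prompted
2022-11-01T08:14:37Z vpn-auth user="AKHAN" src=203.0.113.50 result=success mfa=passed
2022-11-01T08:20:00Z vpn-auth user="guest" src=192.0.2.4 result=success mfa=not_prompted
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) vpn-auth user="(?P<user>[^"]*)" src=(?P<src>\S+) '
    r'result=(?P<result>\w+) mfa=(?P<mfa>\w+)$'
)

Finding = namedtuple("Finding", "ts user canonical src severity")


def review_vpn_logins(log_text, directory):
    """Flag successful logins that skipped MFA or used a case-variant name."""
    by_folded = {name.casefold(): name for name in directory}
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None or m["result"] != "success":
            continue  # unparsable lines and failed logins are out of scope
        canonical = by_folded.get(m["user"].casefold())
        case_variant = canonical is not None and canonical != m["user"]
        no_mfa = m["mfa"] != "passed"
        if case_variant and no_mfa:
            severity = "high"    # the bypass pattern the alert describes
        elif no_mfa:
            severity = "medium"  # single-factor remote login
        elif case_variant:
            severity = "low"     # MFA held, but names should be normalised
        else:
            continue
        findings.append(Finding(m["ts"], m["user"], canonical, m["src"], severity))
    return findings


if __name__ == "__main__":
    for finding in review_vpn_logins(SAMPLE_LOG, DIRECTORY):
        print(finding)
```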

The report discusses the indications that a device or network has been infected by the specific ransomware used by Hive.  

Once it achieves access, the ransomware attempts to identify and terminate anti-malware processes. The ransom note also threatens victims that, if a ransom is not paid, data would be made public on the Tor site ‘HiveLeaks’. The Hive threat actors were also seen using anonymous file sharing sites to leak stolen data on the Dark Web.

The US agencies warn that Hive actors have been observed reinfecting, either with Hive or another ransomware variant, victims that restored their environments without paying a ransom.

The retail sector is a specific target for Hive ransom attacks, and this is confirmed by an authoritative threat report by SonicWall, which found that retailers saw a 90% increase in ransomware attacks in 2022, whereby hackers attempt to cripple their day-to-day infrastructure. Other findings include:

  • A 200% increase in intrusions throughout global retailers.
  • A 122% increase in IoT malware, with click-and-collect devices and warehouse inventory being attacked as shops catch up to giant e-tailers.
  • A 63% increase in cryptojacking, with hackers remotely siphoning off the computing power across a retailer’s organization.

The FBI, CISA, and HHS do not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered. 

When businesses are faced with an inability to function, executives are advised to evaluate all options to protect their shareholders, employees, and customers. “Regardless of whether you or your organisation decide to pay the ransom, the FBI, CISA, and HHS urge you to promptly report ransomware incidents to the FBI or CISA.”

Sources: CISA, SonicWall, Oodaloop, Security Week, Techmonitor, Techcrunch
