Ransomware Gang Makes $100 Million

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) have released a joint alert detailing the ransomware gang Hive's lucrative criminal activity. 

These US government cyber security agencies have reported that the Hive ransomware gang has victimised more than 1,300 businesses in the past 18 months, resulting in roughly $100M in ransom payments. 

The group has been active since June 2021 and has offered ransomware-as-a-service. The Hive ransomware has been used in attacks against businesses, critical infrastructure entities, government, healthcare, IT, and manufacturing organisations. 

“Hive actors have gained initial access to victim networks by using single factor logins via Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other remote network connection protocols... In some cases, Hive actors have bypassed multifactor authentication (MFA) and gained access to servers by exploiting Common Vulnerabilities and Exposures (CVE)... This vulnerability enables a malicious cyber actor to log in without a prompt for the user’s second authentication factor (FortiToken) when the actor changes the case of the username... Hive actors have also gained initial access to victim networks by distributing phishing emails with malicious attachments,” says the Joint Alert.

The report discusses the indications that a device or network has been infected by the specific ransomware used by Hive.  

Once it achieves access, the ransomware attempts to identify and terminate anti-malware processes. The ransom note also threatens victims that, if a ransom is not paid, data would be made public on the Tor site ‘HiveLeaks’. The Hive threat actors were also seen using anonymous file sharing sites to leak stolen data on thye Dark Web.

The US agencies warn that Hive actors have been observed reinfecting, either with Hive or other ransomware variant, victims that restored their environments without paying a ransom.

The retail sector is a specific target for Hive ransom attacks and this confirmed by an authoritative threat report by SonicWall, which found that retailers saw a 90% increase in ransomware attacks in 2022, whereby hackers attempt to cripple their day-to-day infrastructure. Other findings include:

  •  A 200% increase in intrusions throughout global retailers.
  • A 122% increase in IOT malware, with click-and-collect devices and warehouse inventory being attacked as shops catch up to giant e-tailers.
  • A 63% increase in cryptojacking, with hackers remotely siphoning off the computing power across a retailer’s organization.  

The FBI, CISA, and HHS do not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered. 

When businesses are faced with an inability to function, executives are advised to evaluate all options to protect their shareholders, employees, and customers. “Regardless of whether you or your organisation decide to pay the ransom, the FBI, CISA, and HHS urge you to promptly report ransomware incidents to the FBI or CISA.”

CISA:      SonicWall:      Oodaloop:       Security Week:       Techmonitor:      Techcrunch:    

You Might Also Read: 

Why  Are Businesses Still Falling Victim To Ransomware?:

 

« Ericsson Invests In 6G Network Research
Trump Turns Down Twitter »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Eden Legal

Eden Legal

Eden Legal provides legal services on commercial and regulatory issues affecting digital businesses.

Security Stronghold

Security Stronghold

Security Stronghold is focused on protecting computers from malicious programs like viruses, Trojans, spyware, adware, trackware, keyloggers and other kinds of online threats.

Herjavec Group

Herjavec Group

Herjavec Group's Managed Security Services practice defends your organization from increasingly sophisticated, targeted cybercrime threats.

aeCERT

aeCERT

aeCERT is the national Computer Emergency Response Team for the United Arab Emirates.

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

SecurityHQ

SecurityHQ

SecurityHQ (formerly known as Si Consult) is a Global Managed Security Service Provider (MSSP) that monitors networks 24/7, to ensure complete visibility and protection against your cyber threats.

Expanse

Expanse

Expanse SaaS-delivered products plus service expertise reduce your internet edge risk to prevent breaches and successful attacks.

Cyberarch Consulting

Cyberarch Consulting

Cyberarch is a security-focused consulting firm. We provide services specializing in information security, digital forensics, penetration testing and cyber security training.

Industrial Cybersecurity Center (CCI)

Industrial Cybersecurity Center (CCI)

CCI is the first center of its kind that comes from industry without subsidies, independent and non-profit, to promote and contribute to the improvement of Industrial Cybersecurity.

K2 Cyber Security

K2 Cyber Security

K2 Cyber Security delivers the Next Generation Application Workload Protection Platform to secure web applications and container workloads against sophisticated attacks.

Bolt Learning

Bolt Learning

Bolt's Cyber Security eLearning module provides users with an in-depth understanding of cybercrime, how it can occur and what everyone can contribute to preventing it.

IT Band Systems

IT Band Systems

IT Band Systems is an international provider of IT products and services including web server monitoring and web security consulting.

Predatech

Predatech

A cyber security consultancy offering a range of services, including CREST accredited penetration testing, vulnerability assessments and certifications incl. Cyber Essentials & Cyber Essentials Plus.

BlockAPT

BlockAPT

BlockAPT, empowering you with an advanced, intelligent cyber defence platform. We protect our customers digital assets by unifying operational technologies against advanced persistent threats.

Beyon Cyber

Beyon Cyber

Beyon Cyber offer a complete portfolio of advanced solutions & services for cyber security in Bahrain.

Red Maple Technologies

Red Maple Technologies

Started and run by engineers from the UK Intelligence and Defence communities, Red Maple is a technical consultancy and product company.