Hive ransomware gang extorted $100M from ransom payments

December 1, 2022

The FBI revealed last week that the Hive ransomware gang had extorted approximately $100 million from more than a thousand entities since June last year. More concerning, the group is not finished: the FBI warns organisations that it will launch additional ransomware payloads.

These new payloads are aimed at victims who decline to pay the ransom demanded by the Hive operators.

Based on reports, the Hive ransomware gang has successfully compromised more than 1,300 entities globally, converting them into millions of dollars in ransom payments.

The group's success relied heavily on reinfection, since the attackers are notorious for relaunching the Hive ransomware payload or another variant. Researchers commonly find the new variants in the networks of targeted organisations that restored their networks without paying the adversaries.

The healthcare sector received the most damage from the Hive ransomware gang.

According to the federal law enforcement agency, the Hive ransomware gang's list of victims includes organisations from different sectors such as communications, IT, and government infrastructure. Unfortunately, the most impacted sector was the Healthcare and Public Health industry.

The FBI's advisory was published to spread awareness of Hive's IOCs and TTPs. The announcement aims to help security defenders detect malicious activity associated with Hive affiliates and mitigate the impact of Hive ransomware operations.

Currently, the FBI encourages all affected entities to share samples from Hive ransomware attacks to help other researchers study its patterns. Furthermore, most federal agencies do not urge affected entities to pay the ransom to the threat operators, since payment will most likely boost the confidence of other threat actors to execute more ransomware campaigns.

Organisations should immediately report these attacks to law enforcement rather than keeping them to themselves and waiting for other solutions. By submitting reports, companies can help law enforcement agencies collect the critical data needed to keep tabs on the ransomware operation's plans.

Immediate reports could help prevent additional ransomware attacks and counter the threat actors' malicious behaviour.
