Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies (Security Affairs)
Hive ransomware operators have extorted more than $100 million in ransom payments from more than 1,300 companies worldwide as of November 2022.
The threat actors behind the Hive ransomware-as-a-service (RaaS) operation have extorted about $100 million in ransom payments from more than 1,300 companies worldwide as of November 2022, US cybersecurity and intelligence agencies have reported.
"As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, receiving approximately US$100 million in ransom payments," reads the alert published by CISA.
The agencies reported that from June 2021 through at least November 2022, threat actors used Hive ransomware in attacks against a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).
The Hive ransomware operation has been active since June 2021, offering Hive as Ransomware-as-a-Service and following a double-extortion model in which the operators threaten to publish data stolen from victims on their leak site (HiveLeaks). In August 2021, the Federal Bureau of Investigation (FBI) released a flash alert on Hive ransomware attacks that included technical details and indicators of compromise associated with the gang's operations. According to a report published by the blockchain analytics firm Chainalysis, Hive was one of the top 10 ransomware strains by revenue in 2021. The group has used a variety of attack vectors, including malspam campaigns, exposed RDP servers, and compromised VPN credentials.
In June 2022, researchers at the Microsoft Threat Intelligence Center (MSTIC) discovered a new Hive variant while analyzing a change in the technique the ransomware uses to drop .key files.
The main difference between the new Hive variant and the earlier ones is the programming language used by the operators: the old variants were written in Go, while the new Hive variant is written in Rust.
The alert notes that the method of initial intrusion depends on which affiliate is targeting the network. Threat actors were observed gaining initial access to victim networks using single-factor logins over Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other remote network connection protocols. In some attacks, the group bypassed multi-factor authentication (MFA) and gained access to FortiOS servers by exploiting CVE-2020-12812.
Threat actors also gained initial access to victims' networks through phishing attacks that delivered weaponized documents and by exploiting the following flaws in Microsoft Exchange servers:
- CVE-2021-31207: Microsoft Exchange Server security feature bypass vulnerability
- CVE-2021-34473: Microsoft Exchange Server remote code execution vulnerability
- CVE-2021-34523: Microsoft Exchange Server privilege escalation vulnerability
Government experts also warn that Hive actors have been known to reinfect victim networks, either with Hive ransomware or with another ransomware variant.
The alert includes Indicators of Compromise (IoCs), MITRE ATT&CK techniques, and mitigations.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Hive)