Hive ransomware crooks extort $100m from 1,300 global victims
Hive ransomware criminals have hit more than 1,300 companies globally, extorting about $100 million from their victims over the last 18 months, according to the FBI. While Hive has only been around since June 2021, the ransomware-as-a-service operator has been extremely prolific in its relatively short existence, and has taken an intense liking to critical infrastructure and hospitals, where locked IT systems can literally be a matter of life and death.
While the initial intrusion will depend on which Hive affiliate is carrying out the attack, the criminals have broken into networks using stolen single-factor RDP logins, virtual private networks and other remote network connection protocols, according to the agencies.
Hive affiliates "likely" exfiltrate data with a combo of Rclone, an open-source program used to move data to cloud storage, and cloud storage service Mega.nz, according to the FBI. And they don't exclusively target Windows systems: Hive developers have also come up with ransomware variants for Linux, VMware ESXi and FreeBSD. After they've gained initial access, bypassed security features and stolen sensitive information, the criminals move on to encryption.
"Hive actors have been known to reinfect - with either Hive ransomware or another ransomware variant - the networks of victim organizations who have restored their network without making a ransom payment," the FBI warned.
It's also worth noting that paying a ransom isn't a guarantee that an organization won't be hit a second or even a third time by Hive or another ransomware operator.
Less than two hours later, a Hive ransomware affiliate attacked the same company, and two weeks later the organization was attacked a third time by a BlackCat ransomware group.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/11/18/hive_ransomware_fbi/