Hackers Behind Hive Ransomware Earned $100 Million from 1,300 Victims
The FBI recently reported that hundreds of organizations have been targeted by the notorious Hive ransomware gang since June 2021.
During that time frame, the operators of the Hive ransomware gang extorted a total of approximately $100 million.
As a result of the Hive gang's offensive operations, victims may be exposed to additional ransomware payloads on their networks that could cause them further damage.
As of November 2022, Hive ransomware actors had collected approximately US$100 million in ransom payments, extracted from more than 1,300 organizations worldwide.
Moreover, when victim organizations have restored their networks without paying a ransom, Hive actors have been known to reinfect those organizations' networks.
Critical Sectors Targeted
Organizations from a wide range of sectors and industries are listed as victims of this attack, including a number of critical infrastructure sectors. The victim list includes:
- Government facilities
- Communications
- Information technology
- Healthcare entities
- Public Health (HPH) entities
Platforms Targeted by the Ransomware Gang
This was disclosed in a joint advisory issued together with the following two organizations:
- Cybersecurity and Infrastructure Security Agency (CISA)
- Department of Health and Human Services (HHS)
The joint advisory, released by the FBI on the basis of its investigation of Hive ransomware attacks, contains the Hive IOCs and TTPs employed by the operators.
To penetrate a network, the affiliate targeting that network decides how the intrusion will take place. Hive actors have exploited single-factor authentication to gain access to victims' networks, abusing the following:
- Remote Desktop Protocol (RDP)
- Virtual private networks (VPNs)
- Other remote network connection protocols
There have been cases in which Hive actors managed to bypass MFA and gain access to FortiOS servers in this way.
A number of vulnerabilities in Microsoft Exchange servers have also been exploited by Hive actors to gain access to victim networks:
- CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability
- CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-34523 – Microsoft Exchange Server Privilege Escalation Vulnerability
It has also been noted that Hive ransomware is capable of infecting the following platforms in addition to Windows:
- Linux
- VMware ESXi
- FreeBSD
Below is the ransom note used by the threat actors:
Mitigations
Organizations are advised to apply the following mitigations recommended by the FBI, CISA, and HHS:
- Verify that the network is no longer accessible to Hive actors.
- Once an operating system, software, or firmware update has been released, install it immediately.
- Data should be backed up offline on a regular basis, and backup and restoration of that data should be exercised regularly.
- Encrypt all backup data before storing it.
- Ensure PowerShell logging is enabled.
- Deploy an enhanced monitoring tool.
- Isolate any system that is infected.
- Turn off any other computers or devices that are not in use.
- Backups should be secured to prevent data loss.
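The "ensure PowerShell logging is enabled" mitigation is easy to state and easy to get wrong in practice, because three separate policies are involved. The script below is an added example written for this article; it is not code from the FBI/CISA/HHS advisory or from cybersecuritynews.com. It audits the Group Policy registry locations for script block logging, module logging and transcription on the local host and, with the `-Enable` switch, turns them on. The registry paths and value names are the documented policy locations; the `-Enable` and `-TranscriptDir` parameters and the `C:\PSTranscripts` default are assumptions made for this example and should be adjusted to the environment.

```powershell
# Added example (not from the advisory or the article): audit, and optionally enable,
# the PowerShell logging policies referenced in the mitigations. Run as Administrator.
# Registry paths and value names are the documented Group Policy locations; the
# -Enable switch and the transcript directory are assumptions made for this example.
[CmdletBinding()]
param(
    [switch]$Enable,                               # apply the settings instead of only reporting
    [string]$TranscriptDir = 'C:\PSTranscripts'    # assumed transcript location; adjust to your environment
)

$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Each entry: registry subkey, the DWORD that turns the feature on, and a description.
$settings = @(
    @{ Key = "$policyRoot\ScriptBlockLogging"; Name = 'EnableScriptBlockLogging'; Desc = 'Script block logging (Event ID 4104)' },
    @{ Key = "$policyRoot\ModuleLogging";      Name = 'EnableModuleLogging';      Desc = 'Module logging (Event ID 4103)' },
    @{ Key = "$policyRoot\Transcription";      Name = 'EnableTranscripting';      Desc = 'Transcription to a file' }
)

function Get-PolicyValue {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or value does not exist (policy not configured).
    if (-not (Test-Path $Key)) { return $null }
    try { (Get-ItemProperty -Path $Key -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

$report = foreach ($s in $settings) {
    $current = Get-PolicyValue -Key $s.Key -Name $s.Name
    $enabled = ($current -eq 1)

    if ($Enable -and -not $enabled) {
        New-Item -Path $s.Key -Force | Out-Null
        New-ItemProperty -Path $s.Key -Name $s.Name -Value 1 -PropertyType DWord -Force | Out-Null
        $enabled = $true
    }

    [pscustomobject]@{ Setting = $s.Desc; Enabled = $enabled; RegistryKey = $s.Key }
}

if ($Enable) {
    # Module logging only records modules listed under ModuleNames; '*' covers all of them.
    $moduleNamesKey = "$policyRoot\ModuleLogging\ModuleNames"
    New-Item -Path $moduleNamesKey -Force | Out-Null
    New-ItemProperty -Path $moduleNamesKey -Name '*' -Value '*' -PropertyType String -Force | Out-Null

    # Transcripts should land in a directory ordinary users cannot modify, with invocation headers for context.
    $transcriptKey = "$policyRoot\Transcription"
    New-ItemProperty -Path $transcriptKey -Name 'OutputDirectory' -Value $TranscriptDir -PropertyType String -Force | Out-Null
    New-ItemProperty -Path $transcriptKey -Name 'EnableInvocationHeader' -Value 1 -PropertyType DWord -Force | Out-Null
}

$report | Format-Table -AutoSize

# Exit non-zero if anything is still disabled, so the script doubles as a compliance check.
if ($report.Enabled -contains $false) { exit 1 }
```

Run it without arguments from an elevated prompt to get a table of the three settings and a non-zero exit code if any is off; run it with `-Enable` to set them. Script block logging (Event ID 4104) is the setting that matters most for detecting the kind of hands-on-keyboard activity this advisory describes, since it records the de-obfuscated content of every script block that runs; module logging and transcription add the invocation detail and a file-based record that survive if the event log is cleared. Pair the settings with forwarding of the Microsoft-Windows-PowerShell/Operational log to your SIEM, since a log nobody collects is not much of a mitigation.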
Source credit : cybersecuritynews.com