FBI Warns of New Hive Ransomware Threat

August 27, 2021 by Reece Nations
The J. Edgar Hoover FBI Building in Washington, D.C. (Photo by Dan McCue)

WASHINGTON — The Federal Bureau of Investigation distributed a Flash report on Friday warning of indicators of compromise from the Hive ransomware known to have infiltrated business networks.

The ransomware uses multiple mechanisms, such as attachments, to gain access and “Remote Desktop Protocol” to operate once embedded, according to the FBI. Remote agents can then exfiltrate data and encrypt files on the network before leaving a ransom note within a victim’s system.

Victims can be targeted through phishing emails with malicious attachments. Hive’s ransom notes direct victims to purchase decryption software while threatening to leak exfiltrated data on the Tor web browser site known as “HiveLeaks.”

Hive ransomware can locate computer processes related to backups, anti-virus and anti-spyware, and file copying, and terminate them to enable unauthorized file encryption. During the process, encrypted files are renamed with the double final extension of “.key.hive” or “.key.” while a file named “HOW_TO_DECRYPT.txt” is deposited into the affected directories. The ransom note explicitly maintains that the “key.” file cannot be modified, renamed, or deleted, or else the encrypted files cannot be recovered.
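The file-system indicators described above can be turned into a quick triage sweep. The following is an added example, not code from the FBI report or this article: it walks a directory tree and correlates the ransom note name with the renamed-file extensions per directory. Treating a lone “.key” file as too weak to report (legitimate software also uses that extension) is an assumption of this example, and the sample tree is constructed.

```python
import os
import tempfile
from collections import defaultdict

NOTE_NAME = "how_to_decrypt.txt"  # ransom note name given in the article
STRONG_SUFFIX = ".key.hive"       # double extension given in the article
WEAK_SUFFIX = ".key"              # assumed reading of ".key."; also a legitimate extension

def classify(filename):
    """Return 'note', 'strong', 'weak' or None for one file name."""
    name = filename.lower().rstrip(".")
    if name == NOTE_NAME:
        return "note"
    if name.endswith(STRONG_SUFFIX):
        return "strong"
    if name.endswith(WEAK_SUFFIX):
        return "weak"
    return None

def scan(root):
    """Walk root and return {directory: verdict} for directories with hits."""
    verdicts = {}
    for dirpath, _dirs, files in os.walk(root):
        hits = defaultdict(int)
        for f in files:
            kind = classify(f)
            if kind:
                hits[kind] += 1
        if hits["note"] and (hits["strong"] or hits["weak"]):
            verdicts[dirpath] = "likely-encrypted"  # note plus renamed files
        elif hits["note"] or hits["strong"]:
            verdicts[dirpath] = "suspicious"        # one strong indicator alone
        # a lone ".key" file (TLS key, presentation file) is not reported
    return verdicts

def build_sample_tree(root):
    """Constructed sample data: affected, benign and partial directories."""
    for rel in ("finance/q3.xlsx.key.hive", "finance/HOW_TO_DECRYPT.txt",
                "certs/server.key", "temp/report.docx.key.hive"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for d, v in sorted(scan(tmp).items()):
            print(v, os.path.relpath(d, tmp))
```

Directories flagged this way are candidates for the isolation and evidence-preservation steps the FBI recommends; the sweep reads file names only and does not modify anything.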

Hive actors institute payment deadlines of two to six days, but have prolonged deadlines when contacted by victim companies. Some victims claimed they received phone calls from Hive actors requesting payment for their stolen data.

If an entity discovers a ransomware attack, the FBI and the Cybersecurity and Infrastructure Security Agency recommend that it isolate infected systems from all other networks, turn off other computers and devices, and secure its backup data. Ransomware victims should contact their local FBI field office for further assistance.

In cooperation with the investigation, the FBI may request certain network information from victims, such as a RAM capture, images of the infected systems, Bitcoin wallets used by the attackers, Bitcoin wallets used to pay the ransom, and the email addresses of the attackers. In the report, the FBI warns against paying a ransom to criminal actors as it may “embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.” 
