facebook linkedin twitter

FBI Warns of New Hive Ransomware Threat

August 27, 2021 by Reece Nations
The. J. Edgar Hoover FBI Building in Washington, D.C.. (Photo by Dan McCue)

WASHINGTON — The Federal Bureau of Investigation distributed a Flash report on Friday warning of indicators of compromise from the Hive ransomware known to have infiltrated business networks.

The ransomware utilizes multiple mechanisms as attachments to gain access and “Remote Desktop Protocol” to operate once embedded, according to the FBI. Remote agents can then exfiltrate data and encrypt files on the network before leaving a ransom note within a victim’s system.

Victims can be targeted through phishing emails with malicious attachments. Hive’s ransom notes direct victims to purchase decryption software while threatening to leak exfiltrated data on the Tor web browser site known as “HiveLeaks.”

Hive ransomware can locate computer processes related to backups, anti-virus and anti-spyware, and file copying and eliminate them to enable unauthorized file encryption. During the process, encrypted files are renamed with the double final extension of “.key.hive” or “.key.” while a file named “HOW_TO_DECRYPT.txt” is deposited into the affected directories. The ransom explicitly maintains the “key.” file cannot be modified, renamed, or deleted, or else the encrypted files cannot be recovered.

Hive actors institute deadlines for payment between two to six days, but have prolonged deadlines when contacted by victim companies. Some victims claimed they received phone calls from Hive actors requesting payment for their stolen data.

If an entity discovers a ransomware attack, The FBI and the Cybersecurity and Infrastructure Security Agency recommend they isolate infected systems from all other networks, turn off other computers and devices, and secure their backup data. Ransomware victims should contact their local FBI field office for further assistance.

In cooperation with the investigation, the FBI may request certain network information from victims, such as a RAM capture, images of the infected systems, Bitcoin wallets used by the attackers, Bitcoin wallets used to pay the ransom, and the email addresses of the attackers. In the report, the FBI warns against paying a ransom to criminal actors as it may “embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.” 

Cybercrime

October 22, 2021
by Reece Nations
Commerce Department Tightens Export Controls on Cybersecurity Items

WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls... Read More

WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls over cybersecurity items such as cyber intrusion software that can be used maliciously. The department’s new policy also creates a new license exception for authorized cybersecurity... Read More

October 5, 2021
by Victoria Turner
Cybersecurity Minimum Standards Needed to Keep North America Secure

North American governments should come together to create a trilateral strategy to assess and address threats in a holistic risk-based... Read More

North American governments should come together to create a trilateral strategy to assess and address threats in a holistic risk-based approach to cybersecurity that includes a minimum set of standards, said three experts yesterday. As much as the pandemic has accelerated the rate in which governments... Read More

September 29, 2021
by Victoria Turner
Aspen Cyber Summit Explores Collective Defense in a Digital World

WASHINGTON -- The Cybersecurity Infrastructure and Security Agency has met President Biden’s cybersecurity executive order’s “highly aggressive deadlines so far,”... Read More

WASHINGTON -- The Cybersecurity Infrastructure and Security Agency has met President Biden’s cybersecurity executive order’s “highly aggressive deadlines so far,” but there is “still a lot of work to do,” said CISA Director Jen Easterly Wednesday.  Kicking off the 6th annual Aspen Cyber Summit, Exploring Collective... Read More

September 22, 2021
by Victoria Turner
Identity Authentication Key Piece of Cybersecurity Puzzle

WASHINGTON -- Identity authentication is taking a front-and-center role in the administration's approach to ensuring robust cybersecurity across the U.S.... Read More

WASHINGTON -- Identity authentication is taking a front-and-center role in the administration's approach to ensuring robust cybersecurity across the U.S. government, according to Carole House, director of cybersecurity and secure digital Innovation at the White House National Security Council.  It “sits at the heart of zero... Read More

September 1, 2021
by Tom Ramstack
Executives Advocate for Legislation to Unite Government and Private Cybersecurity

WASHINGTON -- A cybersecurity expert told a congressional panel Wednesday that private industry alone cannot be expected to effectively confront... Read More

WASHINGTON -- A cybersecurity expert told a congressional panel Wednesday that private industry alone cannot be expected to effectively confront the kinds of cyberattacks that have wreaked havoc on U.S. computer networks in recent years. He testified to a House Homeland Security subcommittee as it considers... Read More

August 27, 2021
by Reece Nations
FBI Warns of New Hive Ransomware Threat

WASHINGTON — The Federal Bureau of Investigation distributed a Flash report on Friday warning of indicators of compromise from the... Read More

WASHINGTON — The Federal Bureau of Investigation distributed a Flash report on Friday warning of indicators of compromise from the Hive ransomware known to have infiltrated business networks. The ransomware utilizes multiple mechanisms as attachments to gain access and “Remote Desktop Protocol” to operate once embedded,... Read More

News From The Well
scroll top