
FBI Warns of New Hive Ransomware Threat

August 27, 2021 by Reece Nations
The J. Edgar Hoover FBI Building in Washington, D.C. (Photo by Dan McCue)

WASHINGTON — The Federal Bureau of Investigation distributed a Flash report on Friday warning of indicators of compromise from the Hive ransomware known to have infiltrated business networks.

The ransomware uses multiple mechanisms, such as malicious attachments, to gain access, and uses “Remote Desktop Protocol” to operate once embedded, according to the FBI. Remote agents can then exfiltrate data and encrypt files on the network before leaving a ransom note within a victim’s system.

Victims can be targeted through phishing emails with malicious attachments. Hive’s ransom notes direct victims to purchase decryption software while threatening to leak exfiltrated data on the Tor site known as “HiveLeaks.”

Hive ransomware can locate and terminate computer processes related to backups, anti-virus and anti-spyware, and file copying to enable unauthorized file encryption. During the process, encrypted files are renamed with the double final extension of “.key.hive” or “.key.” while a file named “HOW_TO_DECRYPT.txt” is deposited into the affected directories. The ransom note explicitly maintains that the “key.” file cannot be modified, renamed, or deleted, or else the encrypted files cannot be recovered.
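The file-system indicators described above can be checked with a short triage script. This is an added example, not code from the FBI report or this article; treating “.key.” as a substring match and the high/medium/low ranking are assumptions made for illustration.

```python
import os
import sys
from collections import defaultdict

NOTE_NAME = "how_to_decrypt.txt"  # ransom note name reported in the article
EXT_FULL = ".key.hive"            # double final extension reported in the article
EXT_PARTIAL = ".key."             # second form; matched as a substring (assumption)


def classify(filename):
    """Return 'note', 'encrypted', or None for a single file name."""
    name = filename.lower()
    if name == NOTE_NAME:
        return "note"
    if name.endswith(EXT_FULL) or EXT_PARTIAL in name:
        return "encrypted"
    return None


def scan_tree(root):
    """Walk root and collect indicator hits per directory."""
    hits = defaultdict(lambda: {"note": False, "encrypted": []})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for fname in files:
            kind = classify(fname)
            if kind == "note":
                hits[dirpath]["note"] = True
            elif kind == "encrypted":
                hits[dirpath]["encrypted"].append(fname)
    return dict(hits)


def triage(hits):
    """Rank directories; note plus renamed files is the strongest signal."""
    order = {"high": 0, "medium": 1, "low": 2}
    report = []
    for path, h in hits.items():
        if h["note"] and h["encrypted"]:
            level = "high"
        elif h["encrypted"]:
            level = "medium"  # renamed files, note missing or removed
        else:
            level = "low"     # note only; may be a copied sample
        report.append((level, path, len(h["encrypted"])))
    return sorted(report, key=lambda r: (order[r[0]], r[1]))


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for level, path, count in triage(scan_tree(root)):
        print(f"{level:6} {count:5} {path}")
```

Run it against a mounted image or a read-only share rather than a live infected host, so the scan does not alter evidence.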

Hive actors institute payment deadlines of two to six days, but have prolonged deadlines when contacted by victim companies. Some victims claimed they received phone calls from Hive actors requesting payment for their stolen data.

If an entity discovers a ransomware attack, the FBI and the Cybersecurity and Infrastructure Security Agency recommend that it isolate infected systems from all other networks, turn off other computers and devices, and secure its backup data. Ransomware victims should contact their local FBI field office for further assistance.

In cooperation with the investigation, the FBI may request certain network information from victims, such as a RAM capture, images of the infected systems, Bitcoin wallets used by the attackers, Bitcoin wallets used to pay the ransom, and the email addresses of the attackers. In the report, the FBI warns against paying a ransom to criminal actors as it may “embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.” 
