FBI Warns of New Hive Ransomware Threat

August 27, 2021 by Reece Nations
The J. Edgar Hoover FBI Building in Washington, D.C. (Photo by Dan McCue)

WASHINGTON — The Federal Bureau of Investigation distributed a Flash report on Friday warning of indicators of compromise from the Hive ransomware known to have infiltrated business networks.

The ransomware uses multiple mechanisms, including malicious attachments, to gain access, and uses “Remote Desktop Protocol” to operate once embedded, according to the FBI. Remote agents can then exfiltrate data and encrypt files on the network before leaving a ransom note within a victim’s system.

Victims can be targeted through phishing emails with malicious attachments. Hive’s ransom notes direct victims to purchase decryption software while threatening to leak exfiltrated data on the Tor site known as “HiveLeaks.”

Hive ransomware can locate computer processes related to backups, anti-virus and anti-spyware, and file copying, and terminate them to enable unauthorized file encryption. During the process, encrypted files are renamed with the double final extension of “.key.hive” or “.key.” while a file named “HOW_TO_DECRYPT.txt” is deposited into the affected directories. The ransom note explicitly maintains that the “key.” file cannot be modified, renamed, or deleted, or else the encrypted files cannot be recovered.
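A read-only triage sweep for the file-system indicators named above, shown as an added example that is not part of the original article or the FBI report. The substring match for the “.key.” form and the high/medium/low ranking are assumptions made here; the script only lists files and never renames, opens or deletes them.

```python
import os
import sys
from collections import defaultdict

RANSOM_NOTE = "how_to_decrypt.txt"  # note name given in the article, lower-cased
KEY_SUFFIX = ".key.hive"            # double extension given in the article
KEY_INFIX = ".key."                 # assumption: the article's ".key." form, matched as a substring


def classify(filename):
    """Return the indicator a file name matches, or None."""
    lower = filename.lower()
    if lower == RANSOM_NOTE:
        return "ransom_note"
    if lower.endswith(KEY_SUFFIX):
        return "key_hive"
    if KEY_INFIX in lower:
        return "key_other"  # weak signal: ordinary files can also contain ".key."
    return None


def scan(root):
    """Walk root without touching file contents; group hits by directory."""
    hits = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            kind = classify(name)
            if kind:
                hits[dirpath][kind].append(name)
    return {d: dict(kinds) for d, kinds in hits.items()}


def triage(root):
    """Rank directories; a note next to a key-style file is the strongest signal."""
    order = {"high": 0, "medium": 1, "low": 2}
    report = []
    for directory, kinds in scan(root).items():
        has_note = "ransom_note" in kinds
        has_key = "key_hive" in kinds or "key_other" in kinds
        if has_note and has_key:
            level = "high"
        elif has_note or "key_hive" in kinds:
            level = "medium"
        else:
            level = "low"
        report.append((level, directory, kinds))
    return sorted(report, key=lambda r: (order[r[0]], r[1]))


if __name__ == "__main__":
    for level, directory, kinds in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(level, directory, {k: len(v) for k, v in kinds.items()})
```

Run it against a mounted forensic image or a read-only share rather than from the affected host, so the sweep does not alter the systems being preserved.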

Hive actors institute deadlines for payment of between two and six days, but have prolonged deadlines when contacted by victim companies. Some victims claimed they received phone calls from Hive actors requesting payment for their stolen data.

If an entity discovers a ransomware attack, the FBI and the Cybersecurity and Infrastructure Security Agency recommend that it isolate infected systems from all other networks, turn off other computers and devices, and secure its backup data. Ransomware victims should contact their local FBI field office for further assistance.

In cooperation with the investigation, the FBI may request certain network information from victims, such as a RAM capture, images of the infected systems, Bitcoin wallets used by the attackers, Bitcoin wallets used to pay the ransom, and the email addresses of the attackers. In the report, the FBI warns against paying a ransom to criminal actors as it may “embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.” 
