Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Corporations Worldwide

The risk actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched assaults in opposition to over 1,300 firms the world over, netting the gang $100 million in illicit funds as of November 2022.

“Hive ransomware has focused a variety of companies and significant infrastructure sectors, together with authorities amenities, communications, crucial manufacturing, data expertise, and — particularly — Healthcare and Public Well being (HPH),” U.S. cybersecurity and intelligence authorities stated in an alert.

Lively since June 2021, Hive’s RaaS operation entails a mixture of builders, who create and handle the malware, and associates, who’re liable for conducting the assaults on track networks by usually buying preliminary entry from preliminary entry brokers (IABs).

Typically, gaining a foothold entails the exploitation of ProxyShell flaws in Microsoft Alternate Server, adopted by taking steps to terminate processes related to antivirus engines and information backups in addition to delete Home windows occasion logs.

The risk actor, which not too long ago upgraded its malware to Rust as a detection evasion measure, can be recognized to take away virus definitions previous to encryption.

“Hive actors have been recognized to reinfect — with both Hive ransomware or one other ransomware variant — the networks of sufferer organizations who’ve restored their community with out making a ransom cost,” the U.S. Cybersecurity and Infrastructure Safety Company (CISA) stated.

Based on information shared by cybersecurity firm Malwarebytes, Hive compromised about seven victims in August 2022, 14 in September, and two different entities in October, marking a drop in exercise from July, when the group focused 26 victims.