The Hive ransomware group reached a major milestone earlier this week, the Cybersecurity Infrastructure and Security Agency (CISA) said in a press release published jointly with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS).
According to the statement, as of June 2021, the group has managed to infect more than 1,300 businesses with its ransomware variant and raised more than $100 million for its efforts.
Moreover, the group does not seem to take no for an answer. The three agencies found that Hive re-infected those victims who chose to restore their networks rather than pay a ransom.
Re-infecting rebel victims
“Hive actors have been known to re-infect – with either Hive ransomware or another ransomware variant – the networks of victim organizations that have restored their network without paying a ransom,” the press release reads.
Hive also casts a relatively wide net when looking for new victims. Although it is somewhat aimed at healthcare and public health (HPH) organizations, it occasionally hits a government agency, a communications company, or an IT company.
The three organizations are generally against paying the ransom, as it does not guarantee that victims will get back the decryption key or stolen data. On the other hand, it will certainly motivate the group (as well as other similar groups) to continue to attack, to continue to deploy ransomware and to continue asking for more money.
Instead, they urge victims to report the attack to their local FBI field office or contact CISA via email.
These reports, the release states, will help law enforcement gather key data needed to stay on Hive’s trail, disrupt potential future attacks, and ultimately bring the threat actors to justice.
Hive was first spotted in the early summer of last year.
Via: BleepingComputer