FBI Warns Against New Hive Ransomware Attacks
The US Federal Bureau of Investigation released a formal alert concerning the activity of the Hive ransomware group. The alert was likely prompted by the Hive ransomware attack on Ohio's Memorial Health System that made headlines in mid-August.
The FBI explains that Hive is a ransomware threat actor that emerged on the landscape in June 2021 and infiltrates its victims' systems using a variety of tools and attack vectors, including phishing emails that contain malware allowing RDP takeovers.
The Hive gang both steals records and information from its victims and encrypts their files. This has become standard practice for ransomware operations: the attackers can blackmail the victim with threats to leak the stolen data while also shutting down the encrypted systems.
Some threat actors have even evolved beyond this double threat approach and have started emailing customers of the victims, announcing their successful attacks. Obviously, this is not a tactic applicable when it comes to attacking hospital and healthcare networks.
The Hive ransomware encrypts files, appending its eponymous .hive extension, and first looks for and then shuts down processes related to anti-malware and backup tools to ensure maximum damage. The ransomware also attempts to delete volume shadow copies, if it manages to find any. The ransomware's initial dropper is a file that shows up as winlo.exe and has been observed in C:\Windows\SysWOW64.
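As an added defensive illustration (this code is not from the article or the FBI alert), the following Python scans constructed process-creation log lines for the behaviours described above and measures how many files in a listing carry the .hive extension; the log format, hostnames and the shadow-copy deletion command patterns are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines (hypothetical, not from the original article):
# one process-creation event per line in "timestamp|host|image|command_line" form.
SAMPLE_LOG = """\
2021-08-16T02:11:05|WS01|C:\\Windows\\SysWOW64\\winlo.exe|winlo.exe
2021-08-16T02:11:09|WS01|C:\\Windows\\System32\\vssadmin.exe|vssadmin delete shadows /all /quiet
2021-08-16T02:11:12|WS01|C:\\Windows\\System32\\net.exe|net stop "Backup Service"
2021-08-16T02:15:00|WS02|C:\\Program Files\\App\\app.exe|app.exe --sync
"""


@dataclass
class Alert:
    host: str
    rule: str
    evidence: str


# Rules: (rule name, regex). The dropper name and path come from the FBI
# description; the shadow-copy deletion and backup-service-stop patterns are
# generic, commonly seen methods assumed here, not behaviour the article lists.
RULES = [
    ("hive_dropper_path", re.compile(r"\\syswow64\\winlo\.exe$", re.I)),
    ("shadow_copy_deletion", re.compile(r"(vssadmin.*delete\s+shadows|wmic.*shadowcopy.*delete)", re.I)),
    ("backup_service_stop", re.compile(r"net\s+stop\s+.*backup", re.I)),
]


def scan_process_log(text: str) -> list[Alert]:
    """Return one Alert per (event, rule) match; the dropper rule checks the image path, the rest the command line."""
    alerts = []
    for line in text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the scan
        _ts, host, image, cmdline = parts
        for rule, pattern in RULES:
            target = image if rule == "hive_dropper_path" else cmdline
            if pattern.search(target):
                alerts.append(Alert(host, rule, target))
    return alerts


def hive_extension_ratio(filenames: list[str]) -> float:
    """Fraction of names ending in .hive; a sudden jump on a share is a sign encryption is under way."""
    if not filenames:
        return 0.0
    return sum(name.lower().endswith(".hive") for name in filenames) / len(filenames)
```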
Once encryption is complete, the ransomware directs victims to a live-chat session hosted on the Tor network. Curiously, the FBI even stated that some Hive victims have been called on the phone by the threat actors to negotiate the ransom.
According to researchers, the Hive ransomware has so far been deployed in nearly 30 attacks. The attack on hospital networks in West Virginia and Ohio caused urgent surgeries to be cancelled on the day of the breach. Due to the security breach, patients had to be temporarily redirected to other hospitals, which can potentially be a huge threat to the health of emergency cases.
This latest attack highlights the extreme danger of crucial networks and systems being exposed to attack. When ransomware hits a business, the consequences may be very unpleasant and the financial loss significant, but in ransomware attacks on hospital and healthcare networks there is a very real danger of loss of human life.