FBI Warns Against New Hive Ransomware Attacks

The US Federal Bureau of Investigation released a formal alert concerning the activity of the Hive ransomware group. The alert was likely prompted by the Hive ransomware attack on Ohio's Memorial Health System that made headlines in mid-August.

The FBI explains that Hive is a ransomware threat actor that emerged on the landscape in June 2021 and infiltrates its victims' systems using a variety of tools and attack vectors, including phishing emails that contain malware allowing RDP takeovers.

The Hive gang both steals records and information from its victims and also encrypts files. This has become standard for all ransomware operations, in an attempt to both blackmail the victim with threats to leak the stolen data and shut down encrypted systems.

Some threat actors have even evolved beyond this double threat approach and have started emailing customers of the victims, announcing their successful attacks. Obviously, this is not a tactic applicable when it comes to attacking hospital and healthcare networks.

The Hive ransomware encrypts files with its eponymous .hive extension and first looks for, then shuts down processes related to anti-malware and backup tools to ensure maximum damage. The ransomware also attempts to delete shadow volume copies, if it manages to find any. The ransomware's initial dropper is a file that shows up as winlo.exe and is observed in C:\Windows\SysWOW64.

Once encryption is complete, the ransomware directs victims to a live-chat session hosted on the Tor network. Curiously, the FBI even stated that some Hive victims have been called on the phone by the threat actors to negotiate the ransom.

According to researchers, the Hive ransomware has so far been deployed in nearly 30 attacks. The attack on hospital networks in West Virginia and Ohio caused urgent surgeries to be cancelled on the day of the breach. Due to the security breach, patients had to be temporarily redirected to other hospitals, which can potentially be a huge threat to the health of emergency cases.

This latest attack highlights the extreme dangers of crucial networks and systems exposed to attack. When ransomware hits a business, the consequences may be very unpleasant and financial loss - significant, but in cases of ransomware attacks on hospital and healthcare networks, there is a very real danger of loss of human life.

By Zaib
August 27, 2021
Computer Security
English
August 27, 2021
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Ransomware

How to Protect Backups Against Ransomware Attacks

Almost everything we do nowadays gets digitalized for the purpose of easy storage and accessibility. Whether it's a private person's projects stored on their own PC, or a huge list of employees, schedules, goods and... Read more

August 2, 2019
Ransomware

The Hive Ransomware Gang Threatens to Leak Data Online

A new ransomware gang has made the news with their attacks against a major real estate software firm. After the PYSA Ransomware and DarkSide Ransomware gang, companies worldwide need to worry about the newest name in... Read more

July 2, 2021
Computer Security

Microsoft Warns Against Sophisticated Phishing Campaign

Microsoft Security Intelligence tweeted out a warning for a phishing campaign that is currently ongoing and is more involved and elaborate than most. The phishing attacks are targeting Office 365 users and... Read more

August 2, 2021
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.