The Hive Ransomware Gang Threatens to Leak Data Online

A new ransomware gang has made the news with its attacks against a major real estate software firm. After the PYSA and DarkSide ransomware gangs, companies worldwide need to worry about the newest name in the field, the Hive Ransomware. Initially, only one victim of the Hive Ransomware was identified, but recently the criminals' website published details about a law firm that was also hacked.

Just like other modern, high-tech ransomware gangs, Hive's operators steal the victim's data before encrypting it. They then tell their victims that they must pay a ransom fee to receive a decryptor and to stop their files from being published online. Unfortunately, the intentions of Hive Ransomware's operators seem to be serious. They have already set up a website, dubbed HiveLeaks, which contains some of the data stolen from the network of the software development company whose security was breached.

Only Two Victims of the Hive Ransomware Identified So Far

It is not uncommon for high-profile ransomware gangs to share resources and infrastructure, but there is still no connection between the Hive Ransomware gang and any of the other major names in the field. The first victim of the Hive Ransomware was listed on June 23rd, and a second one was announced on June 24th. Allegedly, the files of both victims will be released on June 30th if they do not agree to pay.

The Hive Ransomware criminals have also uploaded sample files whose contents are password-protected – there is no way to verify whether the data belongs to the compromised victims or not. However, judging by the filenames, this is likely to be the case.

Allegedly, the files that the Hive Ransomware locks are renamed by adding the '.hive' extension. It also drops a ransom message titled 'HOW_TO_DECRYPT.txt'. The document contains a link to the HiveLeaks TOR-based website, as well as a unique login and password for the victim. By logging in, victims can see details about the attack, the ransom sum, and more.
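The two file-system indicators reported above ('.hive' renames and a 'HOW_TO_DECRYPT.txt' note) can be turned into a simple triage check over file-audit events. This is an added example, not code from the article or from any vendor; the event format, the sample lines, the 60-second window and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

NOTE_NAME = "how_to_decrypt.txt"  # ransom note name reported in the article
LOCKED_EXT = ".hive"              # appended extension reported in the article
WINDOW = timedelta(seconds=60)    # assumed burst window
THRESHOLD = 3                     # assumed; tune for a real file server

# Constructed sample events in a hypothetical "ts host op path [-> newpath]" format.
SAMPLE_EVENTS = r"""
2021-06-24T10:00:01 FS01 rename C:\share\q2.xlsx -> C:\share\q2.xlsx.hive
2021-06-24T10:00:02 FS01 rename C:\share\lease.docx -> C:\share\lease.docx.hive
2021-06-24T10:00:02 FS01 create C:\share\HOW_TO_DECRYPT.txt
2021-06-24T10:00:03 FS01 rename C:\share\plan.pdf -> C:\share\plan.pdf.hive
2021-06-24T10:05:00 WS07 rename C:\dev\apiary.txt -> C:\dev\beehive.txt
2021-06-24T10:06:00 WS07 create C:\dev\notes\how_to_decrypt.txt.bak
2021-06-24T11:00:00 WS09 rename C:\tmp\a.db -> C:\tmp\a.db.hive
"""
LINE = re.compile(r"^(\S+) (\S+) (rename|create) (.+?)(?: -> (.+))?$")

def basename(path):
    """Lower-cased final path component, for Windows or POSIX separators."""
    return re.split(r"[\\/]", path)[-1].lower()

def analyze(text):
    """Return {host: {"burst", "notes", "level"}} for hosts showing either indicator."""
    renames, notes = defaultdict(list), defaultdict(list)
    for raw in text.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, host, op, path, new = m.groups()
        # Count only renames that newly gain the extension, not files already locked.
        if op == "rename" and new and basename(new).endswith(LOCKED_EXT) \
                and not basename(path).endswith(LOCKED_EXT):
            renames[host].append(datetime.fromisoformat(ts))
        elif op == "create" and basename(path) == NOTE_NAME:
            notes[host].append(path)
    findings = {}
    for host in set(renames) | set(notes):
        times = sorted(renames[host])
        # Largest number of '.hive' renames inside any WINDOW-long span.
        burst = max((sum(1 for t in times if s <= t <= s + WINDOW) for s in times), default=0)
        score = (burst >= THRESHOLD) + bool(notes[host])
        findings[host] = {"burst": burst, "notes": notes[host],
                          "level": ("low", "medium", "high")[score]}
    return findings

if __name__ == "__main__":
    print(analyze(SAMPLE_EVENTS))
```

A single '.hive' rename or a lone note file is weak evidence on its own; the check rates a host "high" only when a rename burst and the note appear together.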

Hive Ransomware Ransom Note

It would appear that the Hive Gang has received no payments yet. Unfortunately, even if victims are able to restore their files through a backup, it would still be impossible to prevent the stolen data from being leaked online.

July 2, 2021