Hive Ransomware Actors Extort Over $100 Million From 1,300 Companies, Warns US Government

The Hive ransomware actors follow the ransomware-as-a-service (RaaS) model in which developers create, maintain, and update the malware, and affiliates conduct the ransomware attacks.

Representational Image (Photo Credit: PTI)

San Francisco, November 19: The US government has warned about an ongoing ransomware activity that has victimised over 1,300 companies worldwide, receiving approximately $100 million in ransom payments.

The Hive ransomware actors follow the ransomware-as-a-service (RaaS) model in which developers create, maintain, and update the malware, and affiliates conduct the ransomware attacks. Ransomware Attack in India: Small Businesses at Highest Risk of Cyberattack in the Country, Says Report.

"From June 2021 through at least November 2022, threat actors have used Hive ransomware to target a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information technology, and healthcare," read the joint advisory by the FBI, the US Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services.

The Hive actors have bypassed multi-factor authentication (MFA) and gained access to aFortiOS' servers by exploiting common vulnerabilities and exposures (CVE) CVE-2020-12812. Cyber Attack: Spike in Ransomware Threat to More Than 1.2 Million Per Month Between January-June, Says Report.

"This vulnerability enables a malicious cyber actor to log in without a prompt for the user's second authentication factor (FortiToken) when the actor changes the case of the username," according to the joint advisory. Hive also attacked power generation company Tata Power in October. The Mumbai-based company had said that the attack impacted some of its IT systems.

Microsoft's Threat Intelligence Center (MSTIC) researchers have warned that Hive upgraded its malware, enabling it to use a more complex encryption method for its ransomware as a service payload.

"Hive actors negotiate ransom demands in US dollars, with initial amounts ranging from several thousand to millions of dollars. Hive actors demand payment in Bitcoin," according to the US advisory.

(The above story first appeared on LatestLY on Nov 19, 2022 01:05 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).

Share Now

Share Now