Hive Ransomware

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a joint alert on the growing impact of Hive ransomware on businesses. “As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, receiving approximately US$100 million in ransom payments, according to FBI information,” the alert states. Hive operates under a ransomware-as-a-service (RaaS) model, and its affiliates target a wide range of industries, from government and critical infrastructure to communications and manufacturing. Healthcare and Public Health (HPH) organizations, however, are targeted far more often than any other sector.

The group uses several attack vectors to get into business networks. Investigations have shown Hive actors gaining initial access through single-factor logins to Remote Desktop Protocol (RDP), virtual private networks (VPNs) and other remote connection services, and in some cases bypassing multi-factor authentication (MFA) on remote-access appliances. They also use traditional phishing emails with malicious attachments to install malware. Once inside, the actors terminate processes related to backups and antivirus so that encryption can proceed and recovery is harder, and they delete Windows event logs that could help the victim detect the intrusion.

The ransom is negotiated through a site on the dark web, and payment is demanded in Bitcoin. Hive actors also threaten to publish stolen data, or to reinfect the network, if the victim refuses to pay. “Hive actors have been known to reinfect—with either Hive ransomware or another ransomware variant—the networks of victim organizations who have restored their network without making a ransom payment,” the alert notes.

The healthcare and public health sector was the leading industry targeted by ransomware in 2021 by a large margin; financial services came in second with about one-third as many attacks. Healthcare is a favorite target because cybersecurity maturity is inconsistent across the industry, and because healthcare facilities hold highly sensitive personal data, so the probability of payment is higher when a criminal threatens to publish it.

The alert lists several mitigations and incident-preparation steps, including monitoring external remote connections and implementing a tested recovery plan. Read the complete alert here.
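The behaviors described above (remote logons arriving from outside the network, backup and antivirus processes being killed, and event logs being cleared) are all visible in ordinary Windows telemetry. The script below is an added example, not code from the CISA alert or from Quanexus, showing how a small set of rules can triage those events. The event records, host name, user names, IP addresses, and the lists of protected processes, services and internal address ranges are all constructed assumptions for illustration; the event IDs (4624, 4688, 1102, 104) are standard Windows IDs.

```python
"""Triage constructed Windows event records for behaviours the CISA Hive
alert describes: remote logons from outside the network, termination of
backup/antivirus processes, and clearing of the Windows event logs.

Added example; not code from the CISA alert or from Quanexus. Event records,
host names, user names, IP addresses and the process/service lists are
constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Address ranges treated as "inside" the organisation (assumption for the
# example: RFC 1918 space plus loopback and link-local).
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Backup / antivirus processes and services worth alerting on when stopped.
# Illustrative names; a real list comes from the environment's own tooling.
PROTECTED_PROCESSES = {"vssvc.exe", "msmpeng.exe", "veeam.backup.service.exe", "sqlwriter.exe"}
PROTECTED_SERVICES = {"vss", "windefend", "veeambackupsvc", "sqlwriter"}

# Standard Windows event IDs the rules key on.
LOGON = 4624                 # Security: an account was successfully logged on
PROCESS_CREATED = 4688       # Security: a new process has been created
LOG_CLEARED = {1102, 104}    # Security log cleared / System log cleared

KILL_RE = re.compile(r'\btaskkill\b.*?/im\s+"?([^"\s]+)', re.IGNORECASE)
STOP_RE = re.compile(r'\b(?:net|sc)(?:\.exe)?\s+stop\s+"?([^"\s]+)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    host: str
    detail: str


def is_external(ip: str) -> bool:
    """True when the source address lies outside INTERNAL_NETWORKS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # "-" or a host name: not an IP we can classify
    return not any(addr in net for net in INTERNAL_NETWORKS)


def check_remote_logon(ev):
    """Flag RDP (logon type 10) and network (type 3) logons from external IPs."""
    if ev.get("event_id") == LOGON and ev.get("logon_type") in (3, 10) \
            and is_external(ev.get("source_ip", "")):
        return Finding("external_remote_logon", ev["host"],
                       f"{ev.get('user')} from {ev['source_ip']} (logon type {ev['logon_type']})")
    return None


def check_protection_tampering(ev):
    """Flag process creations that kill backup/AV processes or stop their services."""
    if ev.get("event_id") != PROCESS_CREATED:
        return None
    cmd = ev.get("command_line", "")
    kill = KILL_RE.search(cmd)
    if kill and kill.group(1).lower() in PROTECTED_PROCESSES:
        return Finding("backup_or_av_process_killed", ev["host"], cmd)
    stop = STOP_RE.search(cmd)
    if stop and stop.group(1).lower() in PROTECTED_SERVICES:
        return Finding("backup_or_av_service_stopped", ev["host"], cmd)
    return None


def check_log_cleared(ev):
    """Flag clearing of the Security (1102) or System (104) event log."""
    if ev.get("event_id") in LOG_CLEARED:
        return Finding("event_log_cleared", ev["host"],
                       f"event {ev['event_id']} by {ev.get('user')}")
    return None


RULES = (check_remote_logon, check_protection_tampering, check_log_cleared)


def triage(events):
    """Run every rule over every event; return findings in input order."""
    findings = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                findings.append(hit)
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "FS01", "event_id": 4624, "logon_type": 10, "user": "jdoe", "source_ip": "10.20.1.15"},
    {"host": "FS01", "event_id": 4624, "logon_type": 10, "user": "svc_backup", "source_ip": "203.0.113.7"},
    {"host": "FS01", "event_id": 4688, "user": "svc_backup",
     "command_line": "C:\\Windows\\System32\\taskkill.exe /F /IM vssvc.exe"},
    {"host": "FS01", "event_id": 4688, "user": "svc_backup",
     "command_line": "C:\\Windows\\System32\\net.exe stop WinDefend"},
    {"host": "FS01", "event_id": 4688, "user": "jdoe",
     "command_line": "C:\\Windows\\System32\\notepad.exe C:\\Users\\jdoe\\notes.txt"},
    {"host": "FS01", "event_id": 1102, "user": "svc_backup"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.rule:30} {f.host:6} {f.detail}")
```

Run stand-alone, the script reports four findings from the six constructed events: the RDP logon from 203.0.113.7, the `taskkill` of the Volume Shadow Copy service process, the `net stop` of Defender, and the cleared Security log. The internal RDP logon and the Notepad launch are ignored. In practice the single-factor external logon followed within minutes by protection tampering on the same host is the sequence to escalate on, which is why the rules carry the host name in every finding.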

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn, and stay up to date by subscribing to our email list.

Posted by Charles Wright