Ransomware Gang Makes $100 Million

Uploaded on 2022-12-05 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) have released a joint alert detailing the ransomware gang Hive's lucrative criminal activity. 

These US government cyber security agencies have reported that the Hive ransomware gang has victimised more than 1,300 businesses in the past 18 months, resulting in roughly $100M in ransom payments. 

The group has been active since June 2021 and has offered ransomware-as-a-service. The Hive ransomware has been used in attacks against businesses, critical infrastructure entities, government, healthcare, IT, and manufacturing organisations. 

“Hive actors have gained initial access to victim networks by using single factor logins via Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other remote network connection protocols... In some cases, Hive actors have bypassed multifactor authentication (MFA) and gained access to servers by exploiting Common Vulnerabilities and Exposures (CVE)... This vulnerability enables a malicious cyber actor to log in without a prompt for the user’s second authentication factor (FortiToken) when the actor changes the case of the username... Hive actors have also gained initial access to victim networks by distributing phishing emails with malicious attachments,” says the Joint Alert.

The report discusses the indications that a device or network has been infected by the specific ransomware used by Hive.  

Once it achieves access, the ransomware attempts to identify and terminate anti-malware processes. The ransom note also threatens victims that, if a ransom is not paid, data would be made public on the Tor site ‘HiveLeaks’. The Hive threat actors were also seen using anonymous file sharing sites to leak stolen data on thye Dark Web.

The US agencies warn that Hive actors have been observed reinfecting, either with Hive or other ransomware variant, victims that restored their environments without paying a ransom.

The retail sector is a specific target for Hive ransom attacks and this confirmed by an authoritative threat report by SonicWall, which found that retailers saw a 90% increase in ransomware attacks in 2022, whereby hackers attempt to cripple their day-to-day infrastructure. Other findings include:

  •  A 200% increase in intrusions throughout global retailers.
  • A 122% increase in IOT malware, with click-and-collect devices and warehouse inventory being attacked as shops catch up to giant e-tailers.
  • A 63% increase in cryptojacking, with hackers remotely siphoning off the computing power across a retailer’s organization.  

The FBI, CISA, and HHS do not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered. 

When businesses are faced with an inability to function, executives are advised to evaluate all options to protect their shareholders, employees, and customers. “Regardless of whether you or your organisation decide to pay the ransom, the FBI, CISA, and HHS urge you to promptly report ransomware incidents to the FBI or CISA.”

CISA:      SonicWall:      Oodaloop:       Security Week:       Techmonitor:      Techcrunch:    

You Might Also Read: 

Why  Are Businesses Still Falling Victim To Ransomware?:

 

« Ericsson Invests In 6G Network Research
Trump Turns Down Twitter »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jones Day

Jones Day

Jones Day is an international law firm based in the United States. Practice areas include Cybersecurity, Privacy & Data Protection.

International Computer Science Institute (ICSI)

International Computer Science Institute (ICSI)

ICSI is a leading independent, nonprofit center for research in computer science. Research areas include network security and privacy.

ABL Cyber Academy

ABL Cyber Academy

ABL provide certified training courses in the field of cyber security and IT project management.

Datec PNG

Datec PNG

Datec is the the largest end-to-end information and communications technology solutions and services provider in Papua New Guinea.

Uppsala Security

Uppsala Security

Uppsala Security built the first crowdsourced Threat Intelligence platform known as the Sentinel Protocol, which is powered by blockchain technology.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

ISMS.online

ISMS.online

ISMS.online is a cloud software solution for fast & cost-effective implementation of an information security management system and achieve compliance with ISO 27001 and other standards.

Healthcare Fraud Shield (HCFS)

Healthcare Fraud Shield (HCFS)

The focus of Healthcare Fraud Shield is solely on healthcare fraud prevention and payment integrity with a successful approach based on many unique advantages we deliver to our clients.

AXELOS

AXELOS

AXELOS develops best practice frameworks and methodologies used globally by professionals working primarily in IT management and cyber resilience.

CyberNet Albania

CyberNet Albania

Cybernet Albania has been providing IT support and services to small businesses since 2016. We strive to eliminate your IT issues before they cause downtime and impact your operations.

1Kosmos

1Kosmos

1Kosmos provide Digital Identity and Passwordless Authentication for workforce and customers. Powered by advanced biometrics and blockchain technology.

CrossCountry Consulting

CrossCountry Consulting

CrossCountry Consulting is a trusted business advisory firm that provides customized finance, accounting, human capital management, risk, operations and technology consulting services.

Lumifi

Lumifi

Lumifi provide end-to-end cybersecurity resilience solutions with a specialty in managed detection and response (MDR) services.

Xeol

Xeol

Software free of vulnerabilities, built and distributed by trusted entities. Our mission is to help customers secure their software from code to deploy.

Jersey Cyber Security Centre (JCSC)

Jersey Cyber Security Centre (JCSC)

Jersey Cyber Security Centre is the jurisdiction's Cyber Emergency Response Team (CERT) and national technical authority for cyber security.

Liverton Security

Liverton Security

Liverton Security is a New Zealand-owned cyber security provider offering consultancy and security-related products to government and commercial customers throughout New Zealand.