Ransomware Gang Makes $100 Million

Uploaded on 2022-12-05 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) have released a joint alert detailing the ransomware gang Hive's lucrative criminal activity. 

These US government cyber security agencies have reported that the Hive ransomware gang has victimised more than 1,300 businesses in the past 18 months, resulting in roughly $100M in ransom payments. 

The group has been active since June 2021 and has offered ransomware-as-a-service. The Hive ransomware has been used in attacks against businesses, critical infrastructure entities, government, healthcare, IT, and manufacturing organisations. 

“Hive actors have gained initial access to victim networks by using single factor logins via Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other remote network connection protocols... In some cases, Hive actors have bypassed multifactor authentication (MFA) and gained access to servers by exploiting Common Vulnerabilities and Exposures (CVE)... This vulnerability enables a malicious cyber actor to log in without a prompt for the user’s second authentication factor (FortiToken) when the actor changes the case of the username... Hive actors have also gained initial access to victim networks by distributing phishing emails with malicious attachments,” says the Joint Alert.

The report discusses the indications that a device or network has been infected by the specific ransomware used by Hive.  

Once it achieves access, the ransomware attempts to identify and terminate anti-malware processes. The ransom note also threatens victims that, if a ransom is not paid, data would be made public on the Tor site ‘HiveLeaks’. The Hive threat actors were also seen using anonymous file sharing sites to leak stolen data on thye Dark Web.

The US agencies warn that Hive actors have been observed reinfecting, either with Hive or other ransomware variant, victims that restored their environments without paying a ransom.

The retail sector is a specific target for Hive ransom attacks and this confirmed by an authoritative threat report by SonicWall, which found that retailers saw a 90% increase in ransomware attacks in 2022, whereby hackers attempt to cripple their day-to-day infrastructure. Other findings include:

  •  A 200% increase in intrusions throughout global retailers.
  • A 122% increase in IOT malware, with click-and-collect devices and warehouse inventory being attacked as shops catch up to giant e-tailers.
  • A 63% increase in cryptojacking, with hackers remotely siphoning off the computing power across a retailer’s organization.  

The FBI, CISA, and HHS do not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered. 

When businesses are faced with an inability to function, executives are advised to evaluate all options to protect their shareholders, employees, and customers. “Regardless of whether you or your organisation decide to pay the ransom, the FBI, CISA, and HHS urge you to promptly report ransomware incidents to the FBI or CISA.”

CISA:      SonicWall:      Oodaloop:       Security Week:       Techmonitor:      Techcrunch:    

You Might Also Read: 

Why  Are Businesses Still Falling Victim To Ransomware?:

 

« Ericsson Invests In 6G Network Research
Trump Turns Down Twitter »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CDW

CDW

CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada.

Bishop Fox

Bishop Fox

Bishop Fox is a leading authority in offensive security, providing solutions ranging from continuous penetration testing and attack surface management to product and application security assessments.

iXsystems

iXsystems

iXsystems is a leader in Open-Source enterprise server and storage solutions including Backup & Recovery to protect critical data.

6cure

6cure

The 6cure Threat Protection solution eliminates malicious traffic to critical services in real time and protects against DDoS attacks.

Bunifu Technologies

Bunifu Technologies

Bunifu Technologies is an Information Security and Custom Software Development Company.

Defence Intelligence

Defence Intelligence

Defence Intelligence is an information security firm specializing in advanced malware protection.

Malleum

Malleum

MALLEUM are specialists in penetration testing and security assessments. We think like hackers – and act like them – to disclose discreet dangers to your organization.

David Hayes-Export Controls

David Hayes-Export Controls

David Hayes-Export Controls provides assistance to companies affected by export controls or who are considering entering the market but are unsure of the commercial and regulatory implications.

Cyber Risk Aware

Cyber Risk Aware

Cyber Risk Aware provide a security awareness and phishing simulation platform that focuses on real threats and educates and empowers employees to be the first line of defence.

Argentra

Argentra

Argentra is a specialist engineering company, we have years of experience developing custom security software and providing security risk consulting.

FCI

FCI

FCI is a NIST-Based Managed Security Service Provider (MSSP) offering Cybersecurity Compliance Enablement Technologies & Services to Financial Services organizations.

ClosingLock

ClosingLock

ClosingLock is the leading provider of wire fraud prevention software for the real estate industry.

Axians

Axians

Axians supports its customers in their digital transformation journey. We offer ICT solutions and services in areas including Enterprise Networks and Cybersecurity.

Glasstrail

Glasstrail

Glasstrail are single-minded about helping organisations gather intelligence and manage vulnerabilities in their attack surface before adversaries exploit them.

Acumenis

Acumenis

At Acumenis, we help organisations of all sizes to manage information security effectively. Our key services are penetration testing, ISO 27001 implementations, and security

Soteria LLC

Soteria LLC

Soteria LLC are a client-focused organization providing expert advisory, consulting services, and tailored solutions to prevent, detect, and respond to cybersecurity incidents.