FBI Reveals: Hive Ransomware Extorted $100M from 1,300 Companies
The Government Agency Also Published IOCs and TTPs to Help Cybersecurity Specialists Mitigate the Attacks.
The Federal Bureau of Investigation (FBI) stated that as of November 2022, the infamous Hive ransomware gang has successfully extorted $100 million in ransom payments from over 1,300 companies worldwide.
This was reported in a joint advisory published yesterday with the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS).
As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, receiving approximately US$100 million in ransom payments, according to FBI information. (…) Hive actors have been known to reinfect—with either Hive ransomware or another ransomware variant—the networks of victim organizations who have restored their network without making a ransom payment.
Organizations from a wide range of industries and key infrastructure sectors, such as government facilities, communications, and IT, are among the victims, with a focus on Healthcare and Public Health (HPH) companies.
FBI Shares Indicators of Compromise (IoCs) and TTPs
The joint advisory’s main purpose was to share Hive’s Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) uncovered by the FBI while investigating Hive ransomware campaigns – in order to help defenders find malicious activity linked to Hive affiliates and mitigate its impact.
FBI’s Advice to Help Mitigate Ransomware Attacks
While the three government agencies supporting the alert do not recommend paying the ransoms, victims are asked to report Hive attacks to their local FBI field office or to CISA at email@example.com regardless of whether they pay the ransom. This will help law enforcement track ransomware activity, prevent attacks, and hold attackers accountable, explains Bleeping Computer.
The FBI also recommends the following actions to help mitigate ransomware attacks:
- Prioritize remediating known exploited vulnerabilities.
- Enable and enforce multifactor authentication with strong passwords.
- Close unused ports and remove any application not deemed necessary for day-to-day operations.
The infamous Hive is a Ransomware-as-a-Service (RaaS) operation that has been active since at least June 2021, with several of its members having worked for both Hive and the Conti cybercrime gang. The FBI previously released indicators of compromise and technical details related to Hive ransomware attacks in August 2021.
The full official joint advisory alert published by the FBI is available here.