According to a joint statement released by the FBI with CISA and HHS, the Hive ransomware gang has successfully extorted nearly $100 million from around 1,300 companies worldwide since June 2021.
The advisory was released to give potential victims the group’s indicators of compromise (IOCs) and the tactics, techniques and procedures (TTPs) the FBI has observed over roughly a year and a half of investigating Hive attacks, with the aim of blunting the group’s campaign and limiting the damage to victims.
Hive has grown quickly as a ransomware-as-a-service (RaaS) operation and has been active since at least June 2021. The group is also said to have close ties to the Conti ransomware group, with some members reportedly working in both groups simultaneously for at least six months starting in November 2021.
The Bureau says the gang deploys additional malware or ransomware payloads against victims that refuse to pay, re-encrypting their files and making recovery difficult, if it is possible at all. Targets have ranged from critical infrastructure facilities and government agencies to communications and IT companies, with a particular focus on healthcare and public health (HPH) entities.
This tactic of re-encrypting files when no ransom is received has pushed more and more victims to pay up, a practice all three agencies advise against. Regardless of whether a victim pays the ransom, the agencies urge them to report the attack to their local FBI field office or to CISA.
This isn’t the first time the FBI has warned the public about the group. An advisory containing indicators of compromise and technical details about the group’s attacks was also released in August of last year.
Last month, the Hive ransomware gang attacked Tata Power and leaked employee data, including PAN and Aadhaar numbers, salary details and certificates.