FBI: Hive ransomware has stolen $100 million

B2B Cyber Security ShortNews


The FBI has investigated the machinations of the Hive ransomware. It found that more than 1,300 companies worldwide were harmed and about 100 million dollars were extorted. Media Markt and Saturn were prominent victims in Germany.

The FBI has issued a Cybersecurity Advisory (CSA) based on its investigation into the Hive ransomware. The indicators, insights and publications it contains are valuable to network defenders. The findings were published on CISA's Stop Ransomware project page.

Loot of $100 million

As of November 2022, Hive ransomware actors have harmed over 1,300 companies worldwide and received around $100 million in ransom payments, according to the FBI. In November 2021, Hive launched cyber attacks against Media Markt and Saturn and blackmailed them. Hive ransomware follows the ransomware-as-a-service (RaaS) model, where developers create, maintain, and update the malware, and partners execute the ransomware attacks.

From June 2021 through at least November 2022, threat actors deployed Hive ransomware to target a wide range of businesses and critical infrastructure, including government facilities, communications facilities, critical manufacturing facilities, information technology, and most notably healthcare and social services.

Classic attack scenarios

The method of initial penetration depends on which partner (affiliate) is attacking the network. Hive actors have gained initial access to victim networks by logging in via Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other single-factor remote network connection protocols.

In some cases, Hive actors have bypassed multi-factor authentication (MFA) and gained access to FortiOS servers by exploiting the CVE-2020-12812 vulnerability. This vulnerability allows a malicious cyber actor to log in without being prompted for the user's second factor of authentication (FortiToken) if the actor changes the case of the username.
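Both access patterns described above (single-factor remote logins and a second factor skipped after a change in username case) can be hunted for in remote-access authentication logs. The Python below is an added example, not part of the FBI/CISA advisory or the original article; the key=value log layout, the field names and the account list are constructed assumptions and not a real FortiOS log format.

```python
import re

# Constructed directory data (assumption): canonical account name -> enrolled for MFA?
ENROLLED_MFA = {"jsmith": True, "mbauer": True, "svc_backup": False}

# Constructed sample events in a generic key=value layout (not a vendor format).
SAMPLE_LOG = """\
time=2022-11-02T08:01:11Z src=198.51.100.7 user=jsmith result=success mfa=passed
time=2022-11-02T08:14:52Z src=203.0.113.40 user=JSmith result=success mfa=none
time=2022-11-02T08:15:30Z src=203.0.113.40 user=MBAUER result=failure mfa=none
time=2022-11-02T09:02:03Z src=198.51.100.9 user=svc_backup result=success mfa=none
time=2022-11-02T09:40:18Z src=192.0.2.77 user=mbauer result=success mfa=none
"""

PAIR = re.compile(r"(\w+)=(\S+)")

def find_suspect_logins(log_text, enrolled):
    """Return (time, src, user, reason) for successful logins without a second factor."""
    # Map the case-folded name back to the canonical spelling in the directory.
    canonical = {name.casefold(): name for name in enrolled}
    findings = []
    for line in log_text.splitlines():
        ev = dict(PAIR.findall(line))
        if ev.get("result") != "success" or "user" not in ev:
            continue
        name = canonical.get(ev["user"].casefold())
        if name is None or ev.get("mfa") == "passed":
            continue  # unknown accounts and completed MFA are out of scope here
        if enrolled[name] and ev["user"] != name:
            # The pattern described for CVE-2020-12812: same account, different case.
            reason = "case-variant username, second factor skipped"
        elif enrolled[name]:
            reason = "MFA-enrolled account logged in without second factor"
        else:
            reason = "single-factor remote login"
        findings.append((ev.get("time"), ev.get("src"), ev["user"], reason))
    return findings

if __name__ == "__main__":
    for finding in find_suspect_logins(SAMPLE_LOG, ENROLLED_MFA):
        print(" | ".join(finding))
```
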

Hive actors have also gained initial access to victim networks by distributing phishing emails with malicious attachments and exploiting the following vulnerabilities in Microsoft Exchange servers.

More at CISA.gov.com

 
