FBI Shares Hive Ransomware IoCs in New Alert
Hive ransomware was first spotted in June 2021 and likely operates as an affiliate-based threat.
August 27, 2021
The FBI has published an alert containing the technical details and indicators of compromise (IoCs) pertaining to Hive ransomware, a relatively new threat first observed in June 2021.
Officials say Hive likely operates as an affiliate-based ransomware and uses multiple tactics, techniques, and procedures (TTPs) to compromise enterprise networks. Once on a network, Hive attackers exfiltrate data, encrypt files on the network, and leave a ransom note in each affected directory on a target system.
"Hive ransomware seeks processes related to backups, anti-virus/anti-spyware, and file copying and terminates them to facilitate file encryption," officials report. "The encrypted files commonly end with a .hive extension." They also note how the ransomware drops a file into the directory to delete shadow copies, including disc backup copies or snapshots, without alerting the victim.
The ransom note contains instructions on how to buy decryption software and threatens to leak the victim's stolen data on a Tor site dubbed "HiveLeaks." A link is provided to Hive's "sales department," which is accessed via Tor and connects victims to attackers via chat. Some victims have received phone calls from Hive attackers requesting payment for their files.
The indicators shared in the alert were used by attackers during Hive ransomware attacks, officials note.
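As an added defensive example (not code from the FBI alert or this article), the Python below flags the file-system pattern the alert describes: many files gaining the .hive extension across several directories within a short window, with a new note file appearing in each affected directory. The event list, the note filename and the .txt heuristic are constructed assumptions, since the alert names neither the note file nor the exact shadow-copy deletion mechanism.

```python
from datetime import datetime, timedelta

# Constructed file-system events (not real telemetry): (ISO timestamp, action, path).
# The note filename is a placeholder; the real name is not given in the alert.
SAMPLE_EVENTS = [
    ("2021-08-20T10:00:01", "rename", r"C:\Data\Finance\q1.xlsx.hive"),
    ("2021-08-20T10:00:01", "rename", r"C:\Data\Finance\q2.xlsx.hive"),
    ("2021-08-20T10:00:02", "create", r"C:\Data\Finance\NOTE_PLACEHOLDER.txt"),
    ("2021-08-20T10:00:03", "rename", r"C:\Data\HR\staff.docx.hive"),
    ("2021-08-20T10:00:03", "rename", r"C:\Data\HR\payroll.csv.hive"),
    ("2021-08-20T10:00:04", "create", r"C:\Data\HR\NOTE_PLACEHOLDER.txt"),
    ("2021-08-20T10:00:05", "rename", r"C:\Data\Legal\contract.pdf.hive"),
    ("2021-08-20T10:00:05", "create", r"C:\Data\Legal\NOTE_PLACEHOLDER.txt"),
    ("2021-08-20T10:30:00", "create", r"C:\Users\bob\notes.txt"),  # benign noise
]

ENCRYPTED_SUFFIX = ".hive"  # extension reported in the alert


def _directory(path):
    """Parent directory of a Windows-style path."""
    return path.rsplit("\\", 1)[0]


def detect_hive_activity(events, window=timedelta(minutes=5), min_files=4, min_dirs=2):
    """Return one alert per burst of .hive renames that spans at least
    min_dirs directories and min_files files inside `window`.
    A directory counts as 'noted' if a new .txt file was created in it (assumed
    ransom-note heuristic, since the alert does not name the note file)."""
    hive, noted_dirs = [], set()
    for ts, action, path in events:
        t, d = datetime.fromisoformat(ts), _directory(path)
        if path.lower().endswith(ENCRYPTED_SUFFIX):
            hive.append((t, d))
        elif action == "create" and path.lower().endswith(".txt"):
            noted_dirs.add(d)
    # Split .hive events into bursts: a new burst starts when the gap from
    # the burst's first event exceeds the window.
    bursts, current = [], []
    for t, d in sorted(hive):
        if current and t - current[0][0] > window:
            bursts.append(current)
            current = []
        current.append((t, d))
    if current:
        bursts.append(current)
    alerts = []
    for burst in bursts:
        dirs = {d for _, d in burst}
        if len(burst) >= min_files and len(dirs) >= min_dirs:
            alerts.append({"first_seen": burst[0][0].isoformat(), "files": len(burst),
                           "directories": sorted(dirs), "dirs_with_note": sorted(dirs & noted_dirs)})
    return alerts
```

Feed it real file-creation/rename telemetry in the same tuple shape to triage a suspected Hive incident; lower `min_files` for small file shares.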
Read the FBI's full alert for more information.