FBI Shares Hive Ransomware IoCs in New Alert
Hive ransomware was first spotted in June 2021 and likely operates as an affiliate-based threat.
August 27, 2021

The FBI has published an alert containing the technical details and indicators of compromise (IoCs) pertaining to Hive ransomware, a relatively new threat first observed in June 2021.
Officials say Hive likely operates as an affiliate-based ransomware and uses multiple tactics, techniques, and procedures (TTPs) to compromise enterprise networks. Once on a network, Hive attackers exfiltrate data, encrypt files on the network, and leave a ransom note in each affected directory on a target system.
"Hive ransomware seeks processes related to backups, anti-virus/anti-spyware, and file copying and terminates them to facilitate file encryption," officials report. "The encrypted files commonly end with a .hive extension." They also note that the ransomware drops a file into the directory to delete shadow copies, including disk backup copies or snapshots, without alerting the victim.
The ransom note contains instructions on how to buy decryption software and threatens to leak the victim's stolen data on a Tor site dubbed "HiveLeaks." A link is provided to Hive's "sales department," which is accessed via Tor and connects victims to attackers via chat. Some victims have received phone calls from Hive attackers requesting payment for their files.
The indicators shared in the alert were used by attackers during Hive ransomware attacks, officials note.
Read the FBI's full alert for more information.