FBI Shares Hive Ransomware IoCs in New Alert
Hive ransomware was first spotted in June 2021 and likely operates as an affiliate-based threat.
The FBI has published an alert containing the technical details and indicators of compromise (IoCs) pertaining to Hive ransomware, a relatively new threat first observed in June 2021.
Officials say Hive likely operates as an affiliate-based ransomware and uses multiple tactics, techniques, and procedures (TTPs) to compromise enterprise networks. Once on a network, Hive attackers exfiltrate data, encrypt files on the network, and leave a ransom note in each affected directory on a target system.
"Hive ransomware seeks processes related to backups, anti-virus/anti-spyware, and file copying and terminates them to facilitate file encryption," officials report. "The encrypted files commonly end with a .hive extension." They also note how the ransomware drops a file into the directory to delete shadow copies, including disc backup copies or snapshots, without alerting the victim.
The ransom note contains instructions on how to buy decryption software and threatens to leak the victim's stolen data on a Tor site dubbed "HiveLeaks." A link is provided to Hive's "sales department," which is accessed via Tor and connects victims to attackers via chat. Some victims have received phone calls from Hive attackers requesting payment for their files.
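A triage sketch built on the two file-system traces described above (encrypted files ending in .hive, and a ransom note left in each affected directory). It is an added example, not code from the FBI alert; the sample tree and the name `NOTE_PLACEHOLDER.txt` are constructed, and the note is inferred as a file name shared by every affected directory rather than matched against a known name.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".hive"  # extension named in the alert


def triage(root):
    """Return ({dir: (encrypted, total)}, names present in every affected dir)."""
    affected = {}
    names_seen = Counter()
    for dirpath, _dirs, files in os.walk(root):
        encrypted = [f for f in files if f.lower().endswith(ENCRYPTED_SUFFIX)]
        if not encrypted:
            continue
        affected[dirpath] = (len(encrypted), len(files))
        # Count each non-encrypted name once per affected directory.
        names_seen.update({f.lower() for f in files if f not in encrypted})
    # A ransom note is dropped in each affected directory, so a name shared by
    # all of them (and at least two directories) is a strong candidate.
    candidates = sorted(
        n for n, c in names_seen.items() if len(affected) >= 2 and c == len(affected)
    )
    return affected, candidates


def build_sample_tree(root):
    """Constructed sample data: two 'encrypted' directories and one clean one."""
    layout = {
        "finance": ["q1.xlsx.hive", "q2.xlsx.hive", "NOTE_PLACEHOLDER.txt"],
        "hr/records": ["staff.docx.hive", "NOTE_PLACEHOLDER.txt", "readme.md"],
        "public": ["index.html", "logo.png"],
    }
    for sub, files in layout.items():
        d = Path(root, sub)
        d.mkdir(parents=True)
        for name in files:
            (d / name).write_bytes(b"constructed sample")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        affected, notes = triage(build_sample_tree(tmp))
        for d, (enc, total) in sorted(affected.items()):
            print(f"{d}: {enc}/{total} files end with {ENCRYPTED_SUFFIX}")
        print("ransom note candidates:", notes)
```

Run against a mounted forensic image or a read-only share rather than a live host, so the scan does not alter timestamps on evidence.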
The indicators shared in the alert were used by attackers during Hive ransomware attacks, officials note.
Read the FBI's full alert for more information.