The Hive ransomware group passed an important milestone earlier this week, the Cybersecurity and Infrastructure Security Agency (CISA) said in a press release published jointly with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS).
According to the statement, since June 2021, the group has managed to infect more than 1,300 companies with its ransomware variant and rake in over $100 million for its efforts.
Moreover, the group does not seem to take no for an answer. The three agencies found that Hive reinfects victims who chose to restore their networks rather than pay the ransom demand.
Re-infecting rebellious victims
“The Hive actors have been known to reinfect – with the Hive ransomware or another ransomware variant – the networks of victim organizations who restored their network without paying the ransom,” reads the press release.
Hive also casts a relatively wide net in search of new victims. While it has some focus on healthcare and public health (HPH) organizations, it occasionally targets a government entity, a communications company, or an IT company.
The three agencies generally oppose paying ransom demands, as payment does not guarantee recovery of the decryption key or stolen data. It will, however, surely motivate the group (as well as other similar groups) to continue attacking, deploying more ransomware, and asking for more money.
Instead, they urge victims to report the attack to their local FBI field office or contact CISA via email.
These reports will help law enforcement gather the critical data needed to stay on Hive’s trail, thwart potential future attacks, and ultimately bring cybercriminals to justice.
Hive was first spotted early last summer.
Via BleepingComputer