Hive ransomware has extorted more than $100m, FBI warns

The FBI and CISA warned that threat actors have ‘especially’ targeted healthcare companies, along with other critical infrastructure sectors.

US security organisations have issued a warning on the growing prevalence of hive ransomware, which has “vicitmised” more than 1,300 companies worldwide.

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI claim that threat actors have used this ransomware to target “a wide range of businesses and critical infrastructure sectors”.

The targets have included government facilities, communications, critical manufacturing, IT and “especially” healthcare services.

Since June 2021, the FBI and CISA claim hive ransomware has successfully extorted more roughly $100m from companies.

The security organisations have released a joint cybersecurity advisory with the US department of health and human services to warn companies on the tactics and techniques of the cybercriminals.

If organisations refuse to pay, the ransomware gang threatens to steal data and post it on the internet. The threat actors are also known to reinfect the networks of organisations that restore their systems without paying a ransom.

The joint advisory warning contains a list of mitigations organisations should follow to protect themselves from ransomware attacks. These include keeping offline backups of data, ensuring backup data is encrypted and regularly updating anti-virus and anti-malware software.

Organisations should also review the security posture of third-party vendors and other businesses that are “interconnected with your organisation”.

Raj Samani, the SVP Chief Scientist at cybersecurity company Rapid7, said the joint advisory shows that extortion tactics are working and said that “unsurprisingly, one of their biggest targets is the healthcare industry”.

Research by Rapid7 suggests that the healthcare and pharmaceuticals industry suffered a large amount of ransomware attacks between April 2020 and February 2022. More than 70pc of “data disclosures” in the sector involved finance and accounting data, with 58pc including patient data.

“Organisations need multiple layers of defence against ransomware attacks in order to protect themselves,” Samani said.

“This includes not just technologies to detect potential intrusion, or lateral movement, but also implementing security controls, should the threat remain undetected, such as the use of file encryption.”

Cybercriminals have been increasingly targeting critical infrastructure in order to cause further pressure from their attacks and have their ransom demands met.

A French hospital was hit with a ransomware attack in August, forcing it to send patients to other institutions as it tries to fix its impacted systems.

Earlier this month, the UK’s National Health Service suffered disruptions from a cyberattack, which targeted systems that facilitate patient referrals, ambulance bookings, out-of-hour appointments and emergency prescriptions.

Last year, the Irish health service suffered a “significant and serious” ransomeware attack that affected more than 80pc of IT infrastructure

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.