Hive ransomware actors extort over $100 mn from victims, warns US

by IANS

San Francisco, Nov 19 (IANS) The US government has warned about ongoing ransomware activity that has victimised over 1,300 companies worldwide, with the attackers receiving approximately $100 million in ransom payments.

The Hive ransomware actors follow the ransomware-as-a-service (RaaS) model in which developers create, maintain, and update the malware, and affiliates conduct the ransomware attacks.

"From June 2021 through at least November 2022, threat actors have used Hive ransomware to target a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information technology, and healthcare," read the joint advisory by the FBI, the US Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services.

The Hive actors have bypassed multi-factor authentication (MFA) and gained access to FortiOS servers by exploiting the Common Vulnerabilities and Exposures (CVE) entry CVE-2020-12812.

"This vulnerability enables a malicious cyber actor to log in without a prompt for the user's second authentication factor (FortiToken) when the actor changes the case of the username," according to the joint advisory.

Hive also attacked power generation company Tata Power in October. The Mumbai-based company had said that the attack impacted some of its IT systems.

Microsoft's Threat Intelligence Center (MSTIC) researchers have warned that Hive upgraded its malware, enabling it to use a more complex encryption method for its ransomware-as-a-service payload.

"Hive actors negotiate ransom demands in US dollars, with initial amounts ranging from several thousand to millions of dollars. Hive actors demand payment in Bitcoin," according to the US advisory.
