The Federal Bureau of Investigation (FBI) has released some technical details related to Hive ransomware attacks.
The FBI even included the link to the leak site where the ransomware team publishes data stolen from companies that did not pay a ransom.
Hive ransomware uses various concealment techniques and procedures, which make it very difficult for organizations to defend themselves against attacks, according to the FBI.
Among the methods the team uses to gain access to the network and hide within it are malicious attachments and Remote Desktop Protocol (RDP) attacks.
Before encryption, Hive ransomware steals files it deems valuable, in order to pressure the victim into paying the ransom under the threat of a data leak.
The FBI says that the malicious software looks for backup processes and security solutions (such as Windows Defender) that would prevent the data encryption process, and terminates them.
This step is followed by the use of a hive.bat script, which runs a cleanup routine and deletes itself when its work is done.
Another script, shadow.bat, is in charge of deleting shadow copies, backup files and system snapshots, and is then deleted from the compromised host.
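The behaviours described above (the two named scripts, deletion of shadow copies, and stopping of backup or security services) can be correlated per host in process-creation logs. The Python below is an added example, not code from the FBI or from this article; the command-line patterns, the service watchlist and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed patterns: the article names hive.bat and shadow.bat; the command
# lines and service watchlist below are illustrative, not from the FBI details.
RULES = [
    ("named_script", re.compile(r'(^|[\\/\s"])(hive|shadow)\.bat\b', re.I)),
    ("shadow_copy_delete", re.compile(
        r'vssadmin(\.exe)?"?\s+delete\s+shadows|wmic(\.exe)?"?\s+shadowcopy\s+delete', re.I)),
    ("protection_stop", re.compile(
        r'\b(net1?|sc)(\.exe)?"?\s+stop\s+"?(windefend|vss|wbengine)\b', re.I)),
]

# Constructed process-creation events (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("ws01", r"cmd.exe /c C:\Users\Public\hive.bat"),
    ("ws01", r"net.exe stop WinDefend"),
    ("ws01", r"cmd.exe /c shadow.bat"),
    ("ws01", r"vssadmin.exe delete shadows /all /quiet"),
    ("ws02", r"vssadmin.exe list shadows"),        # read-only query, benign
    ("ws02", r"cmd.exe /c C:\tools\beehive.bat"),  # similar name, must not match
    ("srv03", r"sc stop wbengine"),                # single signal, e.g. maintenance
]

def triage(events):
    """Return {host: sorted list of distinct rule names that fired}."""
    hits = defaultdict(set)
    for host, cmdline in events:
        for name, pattern in RULES:
            if pattern.search(cmdline):
                hits[host].add(name)
    return {host: sorted(names) for host, names in hits.items()}

def escalate(events, min_signals=2):
    """Hosts where several distinct behaviours co-occur get escalated."""
    return sorted(h for h, names in triage(events).items()
                  if len(names) >= min_signals)

if __name__ == "__main__":
    for host, names in triage(SAMPLE_EVENTS).items():
        print(host, names)
    print("escalate:", escalate(SAMPLE_EVENTS))
```

Because both scripts are removed from the host once they have run, process-creation telemetry shipped off the host is the more reliable place to look for them than the file system.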
The FBI reports that some victims of Hive ransomware said that the perpetrator contacted them, asking them to pay a ransom in exchange for the stolen files.
The FBI also notes that the team uses file-sharing services, many of which are anonymous, such as Anonfiles, MEGA, Send.Exploit, Ufile and SendSpace.
Although first spotted in late June, Hive ransomware has already breached more than 30 organizations this summer, a count that only includes victims who refused to pay the ransom.
The FBI recommends not paying ransomware groups, in order to discourage them from operating. In addition, there is no guarantee that the perpetrator will destroy the stolen data instead of selling it or giving it to third parties.
Whether or not the victim decides to pay the ransom, the FBI urges companies to report ransomware incidents, giving investigators critical information that helps identify the attackers and hold them accountable for their actions.