The Federal Bureau of Investigation (FBI) has released some technical details related to Hive ransomware attacks.
The FBI even included the link to the leak site where the ransomware team publishes data stolen from companies that did not pay a ransom.
Hive ransomware uses various concealment techniques and procedures, which make it very difficult for organizations to defend themselves against attacks, according to the FBI.
Among the methods the team uses to gain access to the network and hide on it are malicious attachments and Remote Desktop Protocol (RDP) attacks.
Prior to encryption, Hive ransomware steals files that are considered valuable, to force the victim to pay the ransom under the threat of data leakage.
The FBI says the malware looks for backup processes and security solutions (such as Windows Defender) that would block the data encryption process, and terminates them.
This step is followed by the use of a hive.bat script that runs a cleanup routine and deletes itself when it has finished.
Another script, shadow.bat, is in charge of deleting copies, backup files and snapshots of the system, and then removes itself from the compromised server.
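The sequence described above (a security or backup process stops, a batch script runs, the script is deleted shortly afterwards) can be correlated in endpoint telemetry. The following is an added example, not code from the FBI report or from this page; the event schema, the `backupagent.exe` name, the 10-minute window and the scoring are assumptions, and only the names hive.bat and shadow.bat come from the text.

```python
from datetime import datetime, timedelta

# Script names reported on this page; everything else below is an assumption.
KNOWN_SCRIPTS = {"hive.bat", "shadow.bat"}
# Watch list: Windows Defender's engine plus a hypothetical backup agent name.
PROTECTED = {"msmpeng.exe", "backupagent.exe"}
WINDOW = timedelta(minutes=10)

# Constructed sample events in a simplified, hypothetical schema.
EVENTS = [
    {"host": "srv01", "time": "2021-01-01T10:00:05", "type": "process_stop", "name": "MsMpEng.exe"},
    {"host": "srv01", "time": "2021-01-01T10:01:10", "type": "script_run", "name": r"C:\Temp\hive.bat"},
    {"host": "srv01", "time": "2021-01-01T10:01:40", "type": "file_delete", "name": r"C:\Temp\hive.bat"},
    {"host": "srv01", "time": "2021-01-01T10:02:00", "type": "script_run", "name": r"C:\Temp\shadow.bat"},
    {"host": "srv01", "time": "2021-01-01T10:02:30", "type": "file_delete", "name": r"C:\Temp\shadow.bat"},
    {"host": "ws07", "time": "2021-01-01T11:00:00", "type": "script_run", "name": r"C:\Build\deploy.bat"},
    {"host": "ws07", "time": "2021-01-01T11:30:00", "type": "file_delete", "name": r"C:\Build\deploy.bat"},
    {"host": "db02", "time": "2021-01-01T12:00:00", "type": "script_run", "name": r"C:\Users\Public\x.bat"},
    {"host": "db02", "time": "2021-01-01T12:00:20", "type": "file_delete", "name": r"C:\Users\Public\x.bat"},
]

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events):
    alerts, runs, stops = [], {}, {}  # runs: (host, path) -> start; stops: host -> time
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        host, path = ev["host"], ev["name"].lower()
        if ev["type"] == "process_stop" and basename(path) in PROTECTED:
            stops[host] = t
        elif ev["type"] == "script_run" and path.endswith(".bat"):
            runs[(host, path)] = t
        elif ev["type"] == "file_delete" and (host, path) in runs:
            started = runs.pop((host, path))
            if t - started > WINDOW:
                continue  # deleted long after it ran: not the run-then-vanish pattern
            score = 1  # batch script removed shortly after execution
            if basename(path) in KNOWN_SCRIPTS:
                score += 1  # name matches a script named in the report
            if host in stops and timedelta(0) <= started - stops[host] <= WINDOW:
                score += 1  # a protected process stopped just before the script ran
            alerts.append({"host": host, "script": basename(path), "score": score})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Because file names are trivial to change, the run-then-delete behaviour carries the base score and the name match only raises it.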
The FBI reports that some victims of Hive ransomware said that the perpetrator contacted them asking them to pay a ransom in exchange for the stolen files.
The FBI also notes that the team uses file-sharing services, many of which are anonymous, such as Anonfiles, MEGA, Send.Exploit, Ufile and SendSpace.
Although first spotted in late June, Hive ransomware has already breached more than 30 organizations this summer, a count that includes only victims who have refused to pay a ransom.
The FBI recommends not paying ransomware groups, in order to discourage them from operating. In addition, there is no guarantee that the perpetrator will destroy the stolen data instead of selling it or giving it to third parties.
Whether or not the victim decides to pay the ransom, the FBI urges companies to report ransomware incidents, to give investigators critical information that helps identify the attackers and hold them accountable for their actions.