The FBI has released information about Hive ransomware

The Federal Bureau of Investigation (FBI) has released some technical details related to Hive attacks.

The FBI even included the link to the leak site where the ransomware team publishes data stolen from companies that did not pay a ransom.


Hive ransomware uses various concealment techniques and procedures, which make it very difficult for organizations to defend themselves against attacks, according to the FBI.

Among the methods the group uses to gain access and hide in the network are phishing emails with malicious attachments and the Remote Desktop Protocol (RDP).

Prior to encryption, Hive ransomware steals files that are considered valuable, in order to force the victim to pay the ransom under the threat of a data leak.

The FBI says the malware looks for processes that copy files, and for security solutions (such as Windows Defender) that would block data encryption, and terminates them.

This step is followed by a hive.bat script that runs a cleanup routine and deletes itself when it has finished.

Another script, shadow.bat, deletes shadow copies, backup files and system snapshots, and then deletes itself from the compromised server.
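The behaviours described above can be hunted for in process-creation logs. The following is an added example, not code from the FBI alert or from this article: it tags each behaviour and flags a host when several occur close together. The sample events, hosts, paths and the `vssadmin`/`wmic`/`sc` patterns are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# hive.bat / shadow.bat come from the article. The vssadmin, wmic and sc/net
# patterns are assumptions about how these actions show up in command lines.
RULES = {
    "named_script": re.compile(r"\b(hive|shadow)\.bat\b", re.I),
    "shadow_copy_delete": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "defender_service_stop": re.compile(r"\b(sc|net1?)(\.exe)?\s+stop\s+windefend\b", re.I),
}
BAT_RUN = re.compile(r'cmd(?:\.exe)?\s+/c\s+"?([^\s"]+\.bat)\b', re.I)
BAT_DEL = re.compile(r'\bdel\s+(?:/\w\s+)*"?([^\s"]+\.bat)\b', re.I)

def tag_events(events):
    """Yield (host, time, behaviour) for each rule an event matches."""
    executed = {}  # host -> batch files already seen running there
    for ev in sorted(events, key=lambda e: e["time"]):
        host, cmd = ev["host"], ev["cmdline"]
        for name, rx in RULES.items():
            if rx.search(cmd):
                yield host, ev["time"], name
        # A script that was run earlier on this host is now being deleted.
        if (m := BAT_DEL.search(cmd)) and m.group(1).lower() in executed.get(host, set()):
            yield host, ev["time"], "self_deleting_script"
        if (m := BAT_RUN.search(cmd)):
            executed.setdefault(host, set()).add(m.group(1).lower())

def suspicious_hosts(events, window=timedelta(minutes=10), threshold=2):
    """Map host -> behaviours when >= threshold distinct ones fall in one window."""
    by_host, flagged = {}, {}
    for host, when, name in tag_events(events):
        by_host.setdefault(host, []).append((when, name))
    for host, hits in by_host.items():
        for start, _ in hits:
            seen = {n for t, n in hits if start <= t <= start + window}
            if len(seen) >= threshold:
                flagged[host] = sorted(seen | set(flagged.get(host, [])))
    return flagged

def at(clock):
    return datetime.strptime(clock, "%H:%M:%S")
# Constructed process-creation events (hosts, paths and times are made up).
SAMPLE = [
    {"host": "FS01", "time": at("02:10:05"), "cmdline": r"cmd.exe /c C:\Windows\Temp\hive.bat"},
    {"host": "FS01", "time": at("02:10:09"), "cmdline": r"cmd.exe /c del C:\Windows\Temp\hive.bat"},
    {"host": "FS01", "time": at("02:11:30"), "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "WS07", "time": at("09:00:00"), "cmdline": "vssadmin.exe list shadows"},
    {"host": "WS07", "time": at("15:00:00"), "cmdline": r"cmd.exe /c C:\build\deploy.bat"},
]
```

Calling `suspicious_hosts(SAMPLE)` flags only FS01; a single matching command on its own stays below the threshold, which keeps routine administration from alerting.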

The FBI reports that some victims of Hive ransomware said that the perpetrator contacted them asking them to pay a ransom in exchange for the stolen files.

The FBI also notes that the group uses file sharing services, many of which are anonymous, such as Anonfiles, MEGA, Send., Ufile and SendSpace.

Although first spotted in late June, Hive ransomware has already breached more than 30 organizations this summer, a count that includes only victims who have refused to pay a ransom.

The FBI recommends not paying ransomware groups, so as to discourage them from operating. In addition, there is no guarantee that the perpetrator will destroy the stolen data instead of selling it or giving it to third parties.

Whether or not the victim decides to pay the ransom, the FBI urges companies to report ransomware incidents, giving investigators critical information that helps identify the attackers and hold them accountable for their actions.

Written by Anastasis Vasileiadis
