The Hive ransomware group crossed a major milestone earlier this week, the Cybersecurity Infrastructure and Security Agency (CISA) said in a joint press release, published together with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS).
According to the statement, since June 2021 the group managed to infect more than 1,300 companies with its ransomware variant and raked in north of $100 million for its efforts.
What’s more, the group doesn’t seem to take no for an answer. The three agencies discovered Hive reinfecting those victims that choose to restore their networks instead of paying the ransom demand.
Reinfecting rebellious victims
“Hive actors have been known to reinfect—with either Hive ransomware or another ransomware variant—the networks of victim organizations who have restored their network without making a ransom payment,” the press release reads.
Hive also casts a relatively wide net, when in search of new victims. While it is somewhat focused on Healthcare and Public Health (PHP) organizations, it does enjoy an occasional government entity, communications firm, or IT company.
The three organizations are generally against paying the ransom demand, as that does not guarantee they’ll get the decryption key, or the stolen data back. On the flip side, it will most definitely motivate the group (and other, similar groups, too) to continue attacking, continue deploying ransomware, and continue asking for more money.
Instead, they urge the victims to report the attack to their local FBI field office or reach out to CISA via email.
These reports, it says in the release, will help law enforcement gather key data that’s needed to stay on Hive’s trail, disrupt potential future attacks, and ultimately – bring the threat actors to justice.
Hive was first spotted in the early summer of last year.
Via BleepingComputer (opens in new tab)