Cybersecurity alert: New ‘exceptionally aggressive’ ransomware threat

Editor's Note

In an HC3: Analyst Note alert released on April 18, the Department of Health and Human Services (HHS) issued a cybersecurity threat warning for a new ransomware group named Hive that HHS called “exceptionally aggressive” and “financially motivated,” Becker’s Health IT April 20 reports.

According to the alert, the ransomware group Hive has been operational since June 2021 and has since been “very aggressive in targeting the US health sector,” with one late 2021 report noting that Hive became the “fourth most active ransomware operators in the cybercriminal ecosystem… just months after they began operating.”

Becker’s compiled another four items of interest about Hive from the alert:

1. Hive “uses many common ransomware tactics, including the exploit of…VPN and phishing attacks, in addition to more aggressive methods like directly calling the victims to apply pressure and negotiate ransom payments.”
2. “Other tactics…include searching the victim's systems that are tied to backups and either terminating or disrupting those connections, deleting shadow copies, backup files, and even system snapshots.”
3. “Hive also conducts double extortion and supports this with their data leaks site, while operating as a ransomware-as-a-service model.”
4. In the first 100 days since Hive became operational, it “claimed attacks on approximately 355 companies.”

HHS urges all healthcare organizations to increase their preventive security measures, “such as two-factor authentication, strong passwords, sufficient backups of the most critical data, and continuous monitoring,” Becker’s noted.