Monday, July 22, 2024

Flash Alert Issued By FBI Concerning Hive Ransomware Operations

The Federal Bureau of Investigation (FBI) has issued a flash alert on the Hive ransomware attacks, providing technical details and indicators of compromise related to the gang’s activities.

The group recently targeted Memorial Health System, which was forced to shut down some of its operations.

Hive ransomware has been operational since June 2021 and runs on a Ransomware-as-a-Service (RaaS) model with a wide range of tactics, techniques, and procedures (TTPs). According to government specialists, the group uses a variety of methods to infiltrate victims’ networks, including phishing emails with malicious links to gain initial access and Remote Desktop Protocol (RDP) to move laterally once inside.

The ransomware searches for and terminates processes associated with backups, file copying, and anti-virus/anti-spyware software in order to clear the way for file encryption. Hive appends the .hive extension to the names of encrypted files. The ransomware then drops a hive.bat script into the directory, which sets a one-second execution timeout before performing cleanup once the encryption process has finished: both the Hive executable and the hive.bat script itself are deleted by the malware. A second script, shadow.bat, is dropped into the directory and is used by the ransomware operators to remove shadow copies, after which the shadow.bat file is deleted as well.

“During the encryption process, encrypted files are renamed with the double final extension of *.key.hive or *.key.*. The ransom note, “HOW_TO_DECRYPT.txt,” is dropped into each affected directory and states the *.key file cannot be modified, renamed, or deleted, otherwise the encrypted files cannot be recovered,” the FBI’s alert reads. “The note contains a “sales department” link, accessible through a TOR browser, enabling victims to contact the actors through a live chat. Some victims reported receiving phone calls from Hive actors requesting payment for their files.”
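The on-disk artefacts described above (the .hive extension, the hive.bat and shadow.bat scripts, the HOW_TO_DECRYPT.txt note, the *.key file) are exactly what a defender can hunt for in endpoint telemetry. The script below is an added example written for this page, not code from the FBI alert or the article: it runs a handful of detection rules over a few constructed log lines in an assumed "timestamp|event_type|detail" layout (not any real product's export format) and turns the hits into a triage verdict. The shadow copy deletion rule matches the widely documented vssadmin/wmic commands, which this article does not name; the alert only says shadow copies are removed via shadow.bat, so that rule is an assumption, as is the random "2aF9xK" key file name.

```python
"""Hunt for Hive ransomware artefacts in endpoint event logs.

Added example for this page; not code from the FBI alert or the article.
The log layout ("timestamp|event_type|detail") and the sample lines are
constructed for illustration only.
"""
import re
from collections import Counter

# Constructed sample events in the assumed layout. The leak-site onion address
# is the one quoted in the article; the key file name "2aF9xK" is made up.
SAMPLE_EVENTS = [
    "2021-08-25T02:11:03|process_create|C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet",
    "2021-08-25T02:11:04|file_create|C:\\Users\\Public\\shadow.bat",
    "2021-08-25T02:11:09|file_create|C:\\Users\\Public\\hive.bat",
    "2021-08-25T02:12:30|file_rename|C:\\Finance\\Q3.xlsx -> C:\\Finance\\Q3.xlsx.hive",
    "2021-08-25T02:12:31|file_rename|C:\\Finance\\Q2.xlsx -> C:\\Finance\\Q2.xlsx.hive",
    "2021-08-25T02:12:32|file_create|C:\\Finance\\HOW_TO_DECRYPT.txt",
    "2021-08-25T02:12:40|file_create|C:\\2aF9xK.key.hive",
    "2021-08-25T02:15:00|dns_query|hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion",
    "2021-08-25T02:16:00|process_create|C:\\Windows\\System32\\notepad.exe",
    "2021-08-25T02:17:00|file_create|C:\\Users\\alice\\notes.txt",
]

# (rule name, event type the rule applies to, pattern matched against the detail field)
RULES = [
    # Assumed: the article only says shadow copies are removed via shadow.bat;
    # vssadmin/wmic are the commonly observed commands for that.
    ("shadow_copy_deletion", "process_create",
     re.compile(r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I)),
    ("hive_script_dropped", "file_create",
     re.compile(r"[\\/](hive|shadow)\.bat$", re.I)),
    ("ransom_note_dropped", "file_create",
     re.compile(r"[\\/]HOW_TO_DECRYPT\.txt$", re.I)),
    # "*.key.hive" or "*.key.<anything>" per the alert text.
    ("key_file_dropped", "file_create",
     re.compile(r"\.key\.(hive|[A-Za-z0-9]+)$", re.I)),
    ("hive_extension_rename", "file_rename",
     re.compile(r"->\s*.*\.hive$", re.I)),
    ("leak_site_contact", "dns_query",
     re.compile(r"hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd\.onion", re.I)),
]


def classify_event(line):
    """Return the name of the first rule the event matches, or None."""
    parts = line.split("|", 2)
    if len(parts) != 3:
        return None  # malformed line; ignore rather than crash the hunt
    _timestamp, event_type, detail = parts
    for name, wanted_type, pattern in RULES:
        if event_type == wanted_type and pattern.search(detail):
            return name
    return None


def scan_events(lines):
    """Count rule hits across a batch of log lines."""
    hits = Counter()
    for line in lines:
        name = classify_event(line)
        if name:
            hits[name] += 1
    return hits


def verdict(hits, rename_threshold=2):
    """Map rule hits to a triage level.

    Artefacts that only appear once encryption is under way (mass .hive renames,
    the ransom note, the key file) are "high"; precursor activity such as shadow
    copy deletion, the dropped scripts or contact with the leak site is "medium".
    """
    if (hits["hive_extension_rename"] >= rename_threshold
            or hits["ransom_note_dropped"]
            or hits["key_file_dropped"]):
        return "high"
    if hits["shadow_copy_deletion"] or hits["hive_script_dropped"] or hits["leak_site_contact"]:
        return "medium"
    return "none"


if __name__ == "__main__":
    found = scan_events(SAMPLE_EVENTS)
    for rule, count in sorted(found.items()):
        print(f"{rule:24s} {count}")
    print("verdict:", verdict(found))
```

In practice the same rules would be fed from process-creation, file and DNS telemetry rather than a constructed list; the thresholded rename rule is what keeps a single user renaming one file to .hive from paging the on-call engineer, while the note and key file are treated as unambiguous.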

The payment deadline is usually 2 to 6 days, although the threat actors have been known to extend it in rare cases owing to ongoing negotiations with the victim.

The flash alert contains indicators of compromise (IoCs), such as the onion address of the gang’s leak site (http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion).

MEGA, Anonfiles, Send.Exploit, SendSpace, and Ufile are among the file-sharing platforms used by the group.

A few days earlier, the Federal Bureau of Investigation (FBI) issued another flash alert on a threat actor known as OnePercent Group, which has been targeting US companies since at least November 2020.
