Hackers Behind Hive Ransomware Earned $100 Million from 1,300 Victims

The FBI recently asserted that thousands of companies have been targeted by the notorious Hive ransomware gang since June 2021.

During that time frame, the operators of the Hive ransomware gang extorted a total sum of approximately $100 million.

As a result of the Hive gang’s offensive operation, victims will be exposed to additional ransomware payloads on their networks which will cause further damage to them.

Approximately US$100 million in ransom payments have been collected by Hive ransomware actors as of November 2022, and they collected this hefty amount from more than 1,300 companies globally.

 

Moreover, when victim organizations have restored their networks without paying a ransom, Hive actors have been known to reinfect those networks.

Critical Organization Targeted

The victims come from a wide range of sectors and industries, including a number of critical infrastructure sectors. The sectors on the victim list include:

  • Government facilities
  • Communications
  • Information technology
  • Healthcare and Public Health (HPH) entities

Platforms Targeted by Ransomware Gang

This was disclosed in a joint advisory that the FBI issued with these two organizations:

  • Cybersecurity and Infrastructure Security Agency (CISA)
  • Department of Health and Human Services (HHS)

The joint advisory released by the FBI in its investigation of Hive ransomware attacks includes the Hive IOCs and TTPs that were employed by the operators.

The method of initial intrusion depends on which affiliate is targeting the network. Hive actors have gained access to victims' networks through single-factor logins, abusing the following channels:

  • Remote Desktop Protocol (RDP)
  • Virtual private networks (VPNs)
  • Other remote network connection protocols
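One way to look for the RDP entry path described above, as an added example that is not part of the original article or the advisory: the script scans an export of Windows Security events for successful RDP logons (event 4624, logon type 10) that arrive from outside the ranges treated as internal. The CSV column names, the sample rows and the `INTERNAL_NETS` ranges are assumptions made for the example.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumption: ranges this organisation treats as internal or VPN-assigned.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "::1/128")]

# Constructed sample: Security-log export with hypothetical column names.
SAMPLE_CSV = """TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2022-11-01T08:02:11Z,4624,10,alice,10.20.3.15
2022-11-01T08:05:40Z,4624,3,svc_backup,10.20.3.9
2022-11-01T23:41:07Z,4624,10,administrator,203.0.113.77
2022-11-01T23:58:19Z,4624,10,helpdesk,203.0.113.77
2022-11-02T02:13:55Z,4624,10,alice,198.51.100.24
2022-11-02T02:14:01Z,4624,2,alice,-
2022-11-02T03:00:00Z,4625,10,administrator,203.0.113.77
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def external_rdp_logons(csv_text):
    """Group successful RDP logons (4624, type 10) from non-internal sources
    by source address: accounts used, number of logons, earliest timestamp."""
    hits = defaultdict(lambda: {"accounts": set(), "first_seen": None, "count": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] != "4624" or row["LogonType"] != "10":
            continue  # not a successful RemoteInteractive (RDP) logon
        try:
            addr = ipaddress.ip_address(row["IpAddress"].strip())
        except ValueError:
            continue  # "-" or empty: no network source recorded
        if is_internal(addr):
            continue
        hit = hits[str(addr)]
        hit["accounts"].add(row["TargetUserName"].lower())
        hit["count"] += 1
        ts = row["TimeCreated"]  # ISO 8601 UTC strings sort chronologically
        if hit["first_seen"] is None or ts < hit["first_seen"]:
            hit["first_seen"] = ts
    return {ip: {**h, "accounts": sorted(h["accounts"])} for ip, h in hits.items()}

if __name__ == "__main__":
    for ip, hit in sorted(external_rdp_logons(SAMPLE_CSV).items()):
        print(ip, hit["count"], hit["first_seen"], ",".join(hit["accounts"]))
```

Any hit means RDP is reachable directly from outside the trusted ranges; a single external source logging on to several accounts is the pattern to triage first.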

In some instances, Hive actors have managed to circumvent multi-factor authentication (MFA) and gain access to FortiOS servers in this manner.

A number of vulnerabilities in Microsoft Exchange servers have also been exploited by Hive actors to gain access to victim networks.

  • CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability
  • CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-34523 – Microsoft Exchange Server Privilege Escalation Vulnerability

It has also been noted that Hive ransomware is capable of infecting the following platforms apart from Windows:

  • Linux
  • VMware ESXi
  • FreeBSD

[Image: the ransom note used by the threat actors]

Mitigations

Organizations should follow these mitigations, as recommended by the FBI, CISA, and HHS:

  • The network must be verified to be no longer accessible by Hive actors.
  • Once an operating system, software, and firmware update has been released, it is important to install it immediately.
  • The data should be backed up offline regularly, and backups and restorations of the data must be performed on a regular basis.
  • It is essential to encrypt all backup data before saving it.
  • Ensure that PowerShell logging is enabled.
  • It is recommended that you install an enhanced monitoring tool.
  • It is essential to isolate the system that is infected.
  • You should turn off any other computers or devices that are not in use.
  • Backups should be secured in order to prevent data loss.

 

https://cybersecuritynews.com/hackers-behind-hive-ransomware/
