FBI issues alert about Hive ransomware

The U.S. Federal Bureau of Investigation has issued a flash warning about Hive, a newly observed ransomware reportedly linked to the attack on Memorial Health System earlier this month.  

The alert, put forth by the FBI’s cyber division, outlined Hive’s technical details and reminded victims what to do if they are targeted.

“Hive ransomware, which was first observed in June 2021 and likely operates as an affiliate-based ransomware, employs a wide variety of tactics, techniques, and procedures, creating significant challenges for defense and mitigation,” wrote FBI officials.


Although Hive is a relatively new entry onto the ransomware scene, it is already doing damage.  

As the FBI noted, Hive hackers don’t just hold a network hostage – they also add extortion into the mix.  

“After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software,” the FBI explained.

“The ransom note also threatens to leak exfiltrated victim data on the Tor site, HiveLeaks,” it added.

The FBI said Hive ransomware seeks processes related to backups, antivirus or anti-spyware, and file copying, then terminates them before facilitating file encryption.

Ransom notes contain a ‘sales department’ link, allowing victims to contact the hackers through a live chat.  

Some targets even say they received phone calls requesting payment for their files.

The agency reiterated in its warning that it does not encourage paying a ransom and that doing so does not guarantee that files may be recovered.

“However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers,” it said.


Reports of ransomware incidents have increased over the past few years, and the FBI and other federal agencies have ramped up their ransomware messaging accordingly.

In May, the FBI warned of Conti ransomware attacks targeting U.S. healthcare and first-responder networks, with more than a dozen incidents identified.

The U.S. Department of Justice said the following month that it would elevate its ransomware investigations to a priority level similar to that of terrorism.  

Just last week, the U.S. Cybersecurity and Infrastructure Security Agency released guidance about how to prevent ransomware attacks from happening, and how to protect sensitive information if they do.


“Regardless of whether you or your organization decide[s] to pay the ransom, the FBI urges you to report ransomware incidents to your local field office,” wrote the agency in the most recent alert.

“Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks,” it added.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Healthcare IT News is a HIMSS Media publication.
