Various ransomware gangs target particular industries and demand ransoms to end the service disruptions they cause. The Hive ransomware gang, which goes after health care, has already carried out several attacks this year, a real nightmare for the institutions involved. No wonder the FBI has already issued a warning about this particularly harmful piece of malware.
Given the gravity of the situation, the FBI has issued a public statement with technical details about the Hive ransomware. So how does Hive ransomware work, and how can you protect yourself?
Hive ransomware came into the spotlight in June 2021. Unlike some other ransomware operations, it is believed to be affiliate-based, in other words it uses the Ransomware-as-a-Service model: the developers build and maintain the malware, and affiliates rent it, carry out the attacks and share the proceeds with them, without needing to know how it all works under the hood. Unfortunately, this means an attacker can launch ransomware attacks without writing a single line of code.
Most recently, on August 15, a large U.S. health care provider, Memorial Health System, was attacked by a ransomware group; for a time it had to cancel surgeries and divert patients. The FBI therefore issued a public warning spelling out what to look out for and how to recognize the signs of an attack by the infamous Hive ransomware group.
This is how Hive ransomware works
The Hive ransomware uses a wide range of tactics, techniques and procedures (TTPs) to make its attacks effective. Initial infection relies on traditional phishing: a malicious file attached to an e-mail. The file may appear harmless, but once the ransomware gets into the affected organization's system through it, it starts working immediately.
Hive scans the system for processes related to backups, antivirus and other security and protection software, and also for processes involved in copying files. If it finds any, it terminates them all to disable the protection mechanisms.
Once it has infected the system, it encrypts the files on it and demands a ransom, threatening to leak the stolen files on the "HiveLeaks" portal, which is accessible only through the Tor browser and therefore very hard to trace.
Encrypted files can be recognized by their .hive extension. Hive also drops a .bat script into the affected directory that deletes the original files once encryption is complete. After the originals have been removed, the ransomware drops a second script, shadow.bat, which deletes any shadow copies or backup copies of the data it finds.
All this happens without notifying the user, who only notices the ransomware on finding a directory full of .hive-encrypted files together with a text file containing instructions for decrypting them. The note leads to a "sales department" link reachable through the Tor browser, which connects the victim with the attackers for a live chat. The victim then has two to six days to pay the ransom, a deadline that can be extended by negotiating with the extortionists.
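The on-disk traces just described (files renamed with a .hive extension, a dropped .bat script that wipes the originals, a shadow.bat that wipes shadow copies, and a ransom note pointing to a Tor address) can be turned into a simple triage check. The Python script below is an added example and is not code from the article or from any FBI material. The sample directory it builds, the ransom-note filename HOW_TO_DECRYPT.txt, the .onion address and the exact commands inside the .bat files (vssadmin delete shadows, wmic shadowcopy delete, del /f /q) are assumptions made for the illustration, since the article only says what the scripts do, not what they contain.

```python
import re
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".hive"
# Tor hidden-service address (v2 = 16 chars, v3 = 56 chars) inside a note.
ONION_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion\b", re.I)
# Command fragments the dropped .bat files are assumed to contain; the article
# only says the scripts wipe the originals and the shadow copies.
SCRIPT_PATTERNS = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin\s+delete\s+shadows|wmic\s+shadowcopy\s+delete|wbadmin\s+delete\s+catalog",
        re.I,
    ),
    "original_file_wipe": re.compile(r"\b(?:del|erase)\s+(?:/[fqs]\s+)+", re.I),
}


def triage(root: Path) -> dict:
    """Walk `root` and collect the three kinds of traces described in the article."""
    findings = {"encrypted_files": [], "scripts": {}, "ransom_notes": {}}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        suffix = path.suffix.lower()
        if suffix == ENCRYPTED_EXT:
            findings["encrypted_files"].append(rel)
        elif suffix in {".bat", ".cmd"}:
            text = path.read_text(errors="replace")
            hits = [name for name, rx in SCRIPT_PATTERNS.items() if rx.search(text)]
            if hits:
                findings["scripts"][rel] = hits
        elif suffix == ".txt":
            links = ONION_RE.findall(path.read_text(errors="replace"))
            if links:
                findings["ransom_notes"][rel] = links
    return findings


def looks_like_hive(findings: dict) -> bool:
    """Encrypted files plus either a shadow-copy wiper or an .onion ransom note."""
    script_hits = {h for hits in findings["scripts"].values() for h in hits}
    return bool(findings["encrypted_files"]) and (
        "shadow_copy_deletion" in script_hits or bool(findings["ransom_notes"])
    )


def build_sample_tree(base: Path) -> Path:
    """Constructed sample share (not real artefacts): two encrypted documents, an
    untouched note, the two dropped scripts and a ransom note."""
    share = base / "finance"
    share.mkdir()
    (share / "budget.xlsx.hive").write_bytes(b"\x00\x11\x22\x33")
    (share / "report.docx.hive").write_bytes(b"\x44\x55\x66\x77")
    (share / "notes.txt").write_text("quarterly numbers, nothing unusual here\n")
    # Script that wipes the originals after encryption (name is a placeholder).
    (share / "cleanup.bat").write_text("del /f /q budget.xlsx\ndel /f /q report.docx\n")
    # The second script the article names: removes the shadow copies.
    (share / "shadow.bat").write_text("vssadmin delete shadows /all /quiet\nwmic shadowcopy delete\n")
    # Ransom note; the filename and the .onion address are made up for this example.
    (share / "HOW_TO_DECRYPT.txt").write_text(
        "Your files are encrypted. To restore them visit\n"
        "http://hiveleaksexampleaddress2b7.onion/ and open a chat.\n"
    )
    return base


def run_demo() -> dict:
    """Build the sample tree in a temporary directory, triage it, add the verdict."""
    with tempfile.TemporaryDirectory() as tmp:
        findings = triage(build_sample_tree(Path(tmp)))
    findings["verdict"] = looks_like_hive(findings)
    return findings


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Run against a real file server share, the same walk turns up the .hive files first, which is the cheapest indicator to alert on; the script patterns are the part to tune, since the commands an actual sample writes may differ from the ones assumed here.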
How can we stay safe from Hive ransomware?
Hive ransomware relies on phishing e-mails to deceive users. The malicious code hides behind the guise of legitimate software that may be essential to your business: for example, you may be encouraged to download a 7zip executable (legitimate software) that has the ransomware bundled into it, infecting your system. The attackers also appear to use file-sharing services such as MEGA and SendSpace, presenting the file links as harmless and trustworthy.
It is therefore worth treating suspicious links with open eyes. Given the real danger, check any executable file and confirm that it comes from a legitimate source, for example by comparing its hash or digital signature with what the vendor publishes, before downloading it to your computer. The FBI advises not to click on anything you are not 100 percent sure of. In addition, to avoid having to pay a ransom, back up all your critical data to the cloud or to a separate (non-networked) storage drive; a backup the ransomware can reach is just another file for it to encrypt or delete, as shadow.bat shows.
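As an added example of the "confirm the source before you run it" advice, and not code from the article, the Python below verifies a downloaded installer against a vendor-published sha256sum-style checksum list, rejecting both a tampered copy and a file the list does not mention. The file names, their contents and the checksum list are constructed inline; in practice the list would be fetched from the vendor's own site over HTTPS, not from the same file-sharing link as the download.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def parse_sha256sums(text: str) -> dict:
    """Parse sha256sum-style lines ('<hex digest>  <name>' or '<hex digest> *<name>')."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")  # drop the binary-mode marker and extra spaces
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed digest on line: {line!r}")
        expected[name] = digest
    return expected


def sha256_of(path: Path) -> str:
    """Stream the file so large installers do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: Path, sums_text: str) -> bool:
    """True only if `path` is listed and its digest matches; unlisted files fail closed."""
    expected = parse_sha256sums(sums_text)
    digest = expected.get(path.name)
    if digest is None:
        return False
    return hmac.compare_digest(sha256_of(path), digest)


def run_demo() -> dict:
    """Constructed files: the vendor's installer, a same-named copy from a file-sharing
    link with extra bytes appended, and an attachment the vendor never published."""
    with tempfile.TemporaryDirectory() as tmp:
        vendor, mail = Path(tmp) / "vendor", Path(tmp) / "mail"
        vendor.mkdir()
        mail.mkdir()
        genuine = vendor / "7z-setup.exe"
        genuine.write_bytes(b"MZ" + b"\x90" * 64 + b"legitimate archiver")
        # In practice fetched from the vendor's site over HTTPS, not from the e-mail link.
        sums_text = f"# published by the vendor\n{sha256_of(genuine)}  7z-setup.exe\n"
        tampered = mail / "7z-setup.exe"
        tampered.write_bytes(genuine.read_bytes() + b"\x00payload")
        unlisted = mail / "invoice.exe"
        unlisted.write_bytes(b"MZ" + b"\xcc" * 32)
        return {
            "genuine": verify_download(genuine, sums_text),
            "tampered": verify_download(tampered, sums_text),
            "unlisted": verify_download(unlisted, sums_text),
        }


if __name__ == "__main__":
    print(run_demo())
```

The check fails closed on purpose: a file that is not on the vendor's list is treated the same as a tampered one, which is exactly the case of an executable arriving through MEGA or SendSpace under a familiar name.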

