The Hive ransomware group crossed a major milestone earlier this week, the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint press release published with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS).
According to the release, since June 2021 the group has managed to infect more than 1,300 companies with its ransomware variant and has pocketed $100 million for its efforts.
Moreover, the group does not seem to take "no" for an answer. The three agencies observed Hive re-infecting victims who chose to restore their networks rather than pay the ransom demand.
Re-infecting victims who refuse to pay
“Hive actors are known to re-infect – either using Hive ransomware or another ransomware variant – the networks of victim organizations that have restored their network without paying a ransom,” the press release reads.
Hive also casts a relatively wide net when searching for new victims. While it is somewhat focused on Healthcare and Public Health (HPH) organizations, it sometimes also hits a government entity, telecom company, or IT company.
The three agencies generally oppose paying the ransom demand, as payment does not guarantee that victims will obtain the decryption key or recover the stolen data. On the flip side, it would certainly motivate the group (and other similar groups as well) to continue attacking, to continue spreading ransomware, and to keep asking for more money.
Instead, they urge victims to report the attack to a local FBI field office or to contact CISA via email.
These reports, the statement says, will help law enforcement gather the essential data needed to keep track of Hive, disrupt potential future attacks, and ultimately bring the threat actors to justice.
Hive was first spotted in early summer last year.
Via Computer