

In October 2021, we published a report naming the top five cyber security threats within the health care industry. In that report, we mentioned Hive being in the top ten global ransomware gangs for the third quarter of the year. Hive is infamously known for attacking healthcare facilities, but it has recently made an even bigger name for itself by attacking the retail industry and demanding one of the largest ransoms in cyber security history. Ransomware continues to be a national security threat, and ransomware gangs like BlackMatter, REvil, and DarkSide are constantly evolving, developing new tools, and changing tactics. Mimecast, a cloud security company, reported that the United States leads in how much companies are willing to pay attackers following ransomware attacks. In a study in which researchers spoke to 742 cyber security professionals, 80% said they had been targeted with ransomware over the last two years, and 39% of those had resorted to paying the ransom. The FBI and CISA discourage companies from paying ransoms because payment encourages cyber criminals to keep attacking organizations and demanding ransoms, and it funds their other illicit activities.

Unfortunately, when threat actors like Hive revise well-known ransomware tactics and become more detailed in their attacks, it is hard for organizations to see any hope of recovering from an attack. Let's take a look at Hive ransomware, its tactics, and why it is still a major concern for the healthcare industry and beyond.

Important Note: The ransomware gang is named Hive, as is its ransomware. Therefore, the name Hive will be used for both throughout this report. Researchers are not sure whether Hive is a Ransomware as a Service (RaaS) platform or a closed group.

Initially observed in June 2021, Hive operates as an affiliate-based ransomware gang. It uses a variety of techniques and tactics that are challenging for cyber security professionals to defend against and mitigate. Over the years, analysts and researchers have noticed that most ransomware threat actors focus on one platform, such as Windows, to launch their attacks. Hive does the opposite and targets several platforms: Windows, Linux, and ESXi hypervisors. According to Adam Meyers, Vice President of CrowdStrike, the threat actor built the ability to run its ransomware against ESXi. Hive's ransom notes include a link to a "sales department" that lets victims contact the gang through live chat, almost like customer service. Hive is also written in Go (Golang), a modern programming language that threat actors have been adopting lately.

One of the ways Hive gains access to a victim's environment is by sending phishing emails with malicious attachments and by abusing exposed Remote Desktop Protocol (RDP) services. Once inside, Hive uses its tools to move laterally through the network and escalate privileges so that it can steal and then encrypt files. The threat actor's focus is faster payment, and it achieves this by increasing pressure on victims: data is stolen before it is encrypted, so the victim faces the threat of a leak on top of the loss of access.

ESET Research Labs identified Linux and FreeBSD variants of Hive ransomware. This means the threat actor is looking to attack other operating systems as well as cloud applications. The Linux and FreeBSD variants are also written in Go; however, they still contain bugs and have not yet been seen in an actual attack. John Bambenek, principal threat hunter at NetEnrich, stated that it is not unusual for a threat actor's imperfect malware to be in the wild. Hive appears to be shifting platforms by targeting public-facing systems like Linux, an operating system commonly used for web servers.

Cyber security analysts are not shocked to see this evolution of ransomware. It has evolved to include operating systems like Linux, macOS, and VMware ESXi. Hive is hoping to cause a significant impact on the lives of its victims by compromising Linux, giving the victims more of an incentive to pay the ransom demands.

“More organizations are starting to embrace the digital world and are securing their data center to the cloud. Attackers know this and are using that to their advantage. Cloud applications that are now running on non-Windows operating systems such as Linux are also under attack from these cyber criminals.”
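As an added example that is not part of the original report and not Hive's or any vendor's code, the following Python script correlates the intrusion chain described above (an RDP logon from outside the network, a bulk outbound transfer consistent with data theft before encryption, then a burst of file renames consistent with mass encryption) over endpoint events. The pipe-delimited event format, the field names, the thresholds, the internal address ranges and the sample events are all constructed for this illustration; none of them are Hive telemetry or a real product's log format.

```python
"""Correlate a Hive-style intrusion chain (external RDP logon, bulk outbound
transfer, burst of file renames) over endpoint events.
Added example; the event format, thresholds and sample data are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed internal address space; a real deployment uses its own ranges.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXFIL_BYTES = 100 * 1024 * 1024        # assumed: >= 100 MiB leaving one host in one flow
RENAME_BURST = 5                       # assumed: this many renames adding the same suffix...
RENAME_WINDOW = timedelta(minutes=5)   # ...within this window looks like encryption
CHAIN_WINDOW = timedelta(hours=6)      # assumed: later stages must follow the RDP logon within this

# Constructed sample telemetry (not real Hive data): timestamp|host|event|key=value ...
SAMPLE_EVENTS = """\
2021-11-02T01:12:05|fs01|rdp_logon|user=svc_backup src=203.0.113.45
2021-11-02T01:40:11|fs01|net_out|dst=198.51.100.7 bytes=734003200
2021-11-02T02:05:30|fs01|file_rename|old=/srv/share/Q3_report.xlsx new=/srv/share/Q3_report.xlsx.locked
2021-11-02T02:05:31|fs01|file_rename|old=/srv/share/payroll.csv new=/srv/share/payroll.csv.locked
2021-11-02T02:05:31|fs01|file_rename|old=/srv/share/patients.db new=/srv/share/patients.db.locked
2021-11-02T02:05:32|fs01|file_rename|old=/srv/share/invoices.pdf new=/srv/share/invoices.pdf.locked
2021-11-02T02:05:32|fs01|file_rename|old=/srv/share/backup.tar new=/srv/share/backup.tar.locked
2021-11-02T02:05:33|fs01|file_rename|old=/srv/share/notes.txt new=/srv/share/notes.txt.locked
2021-11-02T03:15:00|db02|rdp_logon|user=admin src=198.51.100.9
2021-11-02T09:00:00|ws07|rdp_logon|user=jdoe src=10.0.4.22
2021-11-02T23:00:00|bk01|file_rename|old=/backup/mon.tar new=/backup/mon.tar.old
2021-11-02T23:00:01|bk01|file_rename|old=/backup/tue.tar new=/backup/tue.tar.old
2021-11-02T23:00:01|bk01|file_rename|old=/backup/wed.tar new=/backup/wed.tar.old
2021-11-02T23:00:02|bk01|file_rename|old=/backup/thu.tar new=/backup/thu.tar.old
2021-11-02T23:00:02|bk01|file_rename|old=/backup/fri.tar new=/backup/fri.tar.old
"""


def parse_events(text):
    """Parse the pipe-delimited sample format into dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, details = line.split("|", 3)
        fields = dict(kv.split("=", 1) for kv in details.split())
        events.append({"ts": datetime.fromisoformat(ts), "host": host, "kind": kind, **fields})
    return events


def is_external(ip):
    """True when the source address lies outside the assumed internal ranges."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def rename_burst(renames):
    """Return the suffix appended by >= RENAME_BURST renames inside RENAME_WINDOW, else None."""
    renames = sorted(renames, key=lambda e: e["ts"])
    suffixes = [e["new"][len(e["old"]):] if e["new"].startswith(e["old"]) else None
                for e in renames]
    for i, start in enumerate(renames):
        if suffixes[i] is None:
            continue
        hits = sum(1 for j in range(i, len(renames))
                   if suffixes[j] == suffixes[i]
                   and renames[j]["ts"] - start["ts"] <= RENAME_WINDOW)
        if hits >= RENAME_BURST:
            return suffixes[i]
    return None


def detect_chain(events):
    """Per host, list the chain stages seen after the first external RDP logon.
    Hosts without an external RDP logon are never reported, so a rename burst
    on its own (for example a backup rotation) does not fire."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host[e["host"]].append(e)
    findings = {}
    for host, evs in by_host.items():
        rdp = [e for e in evs if e["kind"] == "rdp_logon" and is_external(e["src"])]
        if not rdp:
            continue
        t0 = rdp[0]["ts"]
        later = [e for e in evs if t0 <= e["ts"] <= t0 + CHAIN_WINDOW]
        stages = ["external_rdp"]
        if any(e["kind"] == "net_out" and int(e["bytes"]) >= EXFIL_BYTES for e in later):
            stages.append("exfil")
        suffix = rename_burst(e for e in later if e["kind"] == "file_rename")
        if suffix:
            stages.append("mass_rename:" + suffix)
        findings[host] = stages
    return findings


if __name__ == "__main__":
    for host, stages in detect_chain(parse_events(SAMPLE_EVENTS)).items():
        print(host, " -> ".join(stages))
```

On the constructed data, fs01 shows all three stages, db02 shows only the external RDP logon (a lead worth checking even without the later stages), ws07 is ignored because its RDP source is internal, and bk01's rename burst is never reported because no external logon preceded it. The ordering is the point: the same rename heuristic without the access stage would page on every log rotation. In practice the internal ranges, the exfil byte threshold and the rename window have to be tuned to the environment, and the exfil stage is the one that distinguishes the data-theft-then-encrypt pressure tactic described above from plain encryption.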
