The HHS Office of Information Security's Health Sector Cybersecurity Coordination Center (HC3) has released a TLP:WHITE alert on the Hive ransomware gang, a particularly aggressive cybercriminal operation that has extensively targeted the U.S. healthcare sector.
HC3 has provided an analysis of the tactics, techniques, and procedures (TTPs) the group is known to use in its attacks and outlines cybersecurity best practices and mitigations that can be implemented to improve resilience against Hive ransomware attacks.
The Hive ransomware group has been conducting attacks since around June 2021. The gang is known for double extortion: it exfiltrates sensitive data before encrypting files and threatens to publish that data if the ransom is not paid. The group is also known to contact victims by telephone to pressure them into paying.
Hive is a ransomware-as-a-service (RaaS) operation: affiliates are recruited to conduct attacks on the group's behalf in return for a share of the proceeds, which lets the core members focus on development and operations.
Because affiliates bring different skill sets, a variety of TTPs are used to gain access to systems; however, the group most commonly relies on Remote Desktop Protocol (RDP), VPN compromise, and phishing emails. Once access has been gained, compromised systems are searched for the applications and processes responsible for backing up data, and those processes and applications are terminated or disrupted. Shadow copies, system snapshots, and backup files are also deleted to make recovery without paying the ransom more difficult.
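The backup-inhibition behaviour described above (stopping backup processes, then wiping shadow copies and recovery data) is one of the most reliable pre-encryption signals a defender can alert on. The following is an added example, not part of the HC3 alert or any Hive analysis: a small Python triage routine that runs hand-written detection rules over process command lines such as those recorded in Windows Event 4688 or Sysmon Event 1. The rule patterns, the service and process keywords, and the sample command lines are all constructed for this example and should be tuned to real telemetry before use.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple, Pattern

# Constructed sample of process command lines (not real telemetry). The first six
# mimic backup inhibition; the last two are benign look-alikes that must not fire.
SAMPLE_COMMAND_LINES = [
    'vssadmin.exe delete shadows /all /quiet',
    'wmic.exe shadowcopy delete',
    'wbadmin.exe delete catalog -quiet',
    'bcdedit.exe /set {default} recoveryenabled no',
    'net.exe stop "Constructed Backup Service"',
    'taskkill.exe /F /IM sqlservr.exe',
    'vssadmin.exe list shadows',          # read-only, benign
    'net.exe stop spooler',                # unrelated service, benign
]

# (rule name, pattern, severity). Hand-written for this example; the keyword
# lists for services/processes are illustrative, not an authoritative inventory.
RULES: List[Tuple[str, Pattern, str]] = [
    ("shadow_copy_delete",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I), "high"),
    ("shadow_copy_delete",
     re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I), "high"),
    ("backup_catalog_delete",
     re.compile(r"\bwbadmin(?:\.exe)?\b.*\bdelete\b.*\bcatalog\b", re.I), "high"),
    ("recovery_disabled",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I), "high"),
    ("backup_service_stop",
     re.compile(r"\b(?:net|sc)(?:\.exe)?\b\s+stop\b.*(?:backup|veeam|sql|exchange)", re.I), "medium"),
    ("backup_process_kill",
     re.compile(r"\btaskkill(?:\.exe)?\b.*/IM\s+\S*(?:backup|sql)\S*", re.I), "medium"),
]


@dataclass
class Finding:
    line_no: int
    rule: str
    severity: str
    command: str


def scan_command_lines(lines: Iterable[str]) -> List[Finding]:
    """Apply each rule to each command line; the first matching rule wins per line."""
    findings: List[Finding] = []
    for n, line in enumerate(lines, 1):
        for name, pattern, severity in RULES:
            if pattern.search(line):
                findings.append(Finding(n, name, severity, line.strip()))
                break
    return findings


def backup_inhibition_score(findings: List[Finding]) -> int:
    """Number of distinct high-severity techniques observed. Two or more on one
    host within a short window is a strong signal of imminent encryption."""
    return len({f.rule for f in findings if f.severity == "high"})


if __name__ == "__main__":
    hits = scan_command_lines(SAMPLE_COMMAND_LINES)
    for f in hits:
        print(f"line {f.line_no}: [{f.severity}] {f.rule}: {f.command}")
    print("distinct high-severity techniques:", backup_inhibition_score(hits))
```

The score deliberately counts distinct techniques rather than raw hits: a single `vssadmin list shadows` from an administrator is noise, but shadow-copy deletion plus recovery being disabled on the same host in the same minute is exactly the sequence the alert describes and should page someone.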
The ransomware is under active development, and several capabilities and practices are used to hinder analysis of the ransomware and to prevent interception and monitoring of the group's communications with victims. The group has also adopted a new IPv4 obfuscation technique, known as IPfuscation, to make its attacks stealthier.
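The alert names IPfuscation but does not describe it; public analyses of the Hive sample describe the technique as storing payload bytes as a long array of ASCII IPv4 address strings that are converted back to bytes at runtime, so a static scanner sees what looks like configuration data rather than code. The following is an added example (not from HC3 or any Hive analysis) of a defender-side heuristic written in Python: it looks for unusually long runs of dotted-quad literals packed closely together, which legitimate configuration files and logs almost never produce. The thresholds and both sample inputs are constructed for this example.

```python
import re
from typing import List, Tuple

# Dotted-quad candidates; octet range is validated separately so "999.1.1.1" is ignored.
DOTTED_QUAD = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed inputs. The benign snippet has a few addresses spread through normal
# text; the suspect blob has 32 addresses back to back, the shape an IPfuscated
# payload array takes. The octet values are arbitrary and encode nothing.
BENIGN_CONFIG = "listen 10.0.0.5:443\nupstream 10.0.0.6\nupstream 10.0.0.7\n"
SUSPECT_BLOB = ",".join(
    '"%d.%d.%d.%d"' % (i, (i * 7) % 256, (i * 13) % 256, (i * 3) % 256)
    for i in range(32)
)


def _valid_ipv4(s: str) -> bool:
    return all(0 <= int(octet) <= 255 for octet in s.split("."))


def find_ipv4_clusters(text: str, max_gap: int = 6) -> List[Tuple[int, int, int]]:
    """Group IPv4 literals that follow one another with at most `max_gap`
    characters of separator (quotes, commas, whitespace) between them.
    Returns (start_offset, end_offset, count) per cluster."""
    clusters: List[Tuple[int, int, int]] = []
    cur_start = cur_end = None
    count = 0
    for m in DOTTED_QUAD.finditer(text):
        if not _valid_ipv4(m.group()):
            continue
        if cur_end is not None and m.start() - cur_end <= max_gap:
            cur_end = m.end()
            count += 1
        else:
            if count:
                clusters.append((cur_start, cur_end, count))
            cur_start, cur_end, count = m.start(), m.end(), 1
    if count:
        clusters.append((cur_start, cur_end, count))
    return clusters


def looks_ipfuscated(text: str, min_run: int = 8) -> bool:
    """Heuristic: any cluster of `min_run` or more adjacent IPv4 literals is
    suspicious. Real shellcode arrays run to hundreds of entries, so the
    threshold is conservative; raise it if a data source legitimately packs
    address lists (e.g. exported firewall rules)."""
    return any(n >= min_run for _, _, n in find_ipv4_clusters(text))


def triage_bytes(blob: bytes) -> List[Tuple[int, int, int]]:
    """Run the scan over raw file contents, as a `strings`-style pass would."""
    return find_ipv4_clusters(blob.decode("latin-1", errors="replace"))


if __name__ == "__main__":
    for label, sample in (("benign config", BENIGN_CONFIG), ("suspect blob", SUSPECT_BLOB)):
        print(label, "clusters:", find_ipv4_clusters(sample),
              "ipfuscated?", looks_ipfuscated(sample))
```

Because the heuristic keys on layout rather than on specific byte values, it survives trivial changes to the encoded payload; the trade-off is that it is a triage filter, not a verdict, and flagged files still need to be examined to confirm that the addresses are consumed as code rather than as data.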
Defending against Hive ransomware attacks requires standard cybersecurity best practices to be implemented, including the following:
- Changing default passwords and enforcing strong passwords
- Using two-factor authentication, especially for remote access services
- Providing regular security awareness training to the workforce
- Keeping multiple copies of backups, testing those backups, and storing backups offline
- Ensuring continuous monitoring, supported by a regular feed of threat intelligence
- Implementing a comprehensive vulnerability management program and prioritizing known exploited vulnerabilities
- Ensuring software and operating systems are kept up to date
- Deploying comprehensive endpoint security solutions that are automatically updated with the latest signatures and improvements.