Hive Ransomware Is Hitting the Healthcare Industry
Last week the FBI released an alert warning of a new ransomware group known as Hive Ransomware. Recently, Hive attacked the Memorial Health System in Ohio and West Virginia. The FBI warns this group could continue to be dangerous to the healthcare industry.
What is Hive Ransomware?
Hive Ransomware is an affiliate-based ransomware that first appeared in June 2021 and uses multiple forms of attack to compromise its victims. Typically, Hive uses phishing emails with malicious links to gain control of Remote Desktop Protocol (RDP) and encrypt the user's data. After encrypting the victim's data, Hive sends a ransom note with a link to a dark web site where the victim can live chat with someone from Hive and make a payment. Encrypted files typically end in “.key.hive” or “.key”, and a text document named “HOW_TO_DECRYPT.txt”, containing the link to the payment site, is dropped in the infected directory.
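An added example (not from the FBI alert or this article's author): a Python check that walks a directory tree for the file indicators named above and ranks each directory that contains them. The function names and the high/medium/low ranking are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators exactly as named in the article text.
RANSOM_NOTE = "how_to_decrypt.txt"
ENCRYPTED_SUFFIXES = (".key.hive", ".key")


def scan_for_hive_indicators(root):
    """Return {directory: {"note": bool, "encrypted": [file names]}} for each
    directory under `root` that holds at least one indicator."""
    hits = defaultdict(lambda: {"note": False, "encrypted": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()  # match regardless of case
            if lowered == RANSOM_NOTE:
                hits[dirpath]["note"] = True
            elif lowered.endswith(ENCRYPTED_SUFFIXES):
                hits[dirpath]["encrypted"].append(name)
    return dict(hits)


def triage(hits):
    """Rank each directory. A bare ".key" file alone is a weak signal because
    that extension is also used by legitimate software (e.g. TLS private keys)."""
    report = []
    for path, found in sorted(hits.items()):
        has_hive_ext = any(n.lower().endswith(".key.hive") for n in found["encrypted"])
        if found["note"] and found["encrypted"]:
            level = "high"
        elif found["note"] or has_hive_ext:
            level = "medium"
        else:
            level = "low"
        report.append((level, path, len(found["encrypted"])))
    return report


if __name__ == "__main__":
    # Constructed sample tree (not real incident data).
    layout = {"finance": ["q3.xlsx.key.hive", "HOW_TO_DECRYPT.txt"],
              "certs": ["server.key"], "docs": ["readme.txt"]}
    with tempfile.TemporaryDirectory() as root:
        for folder, names in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "w").close()
        for level, path, count in triage(scan_for_hive_indicators(root)):
            print(f"{level:6} {os.path.relpath(path, root)} ({count} encrypted-looking)")
```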
Hive has been particularly damaging to healthcare systems in recent weeks, attacking at least 28 organizations and forcing hospitals to reschedule important medical procedures and stop taking some patients altogether. In some cases, hospitals have even had to give in and pay the ransom that was demanded.
What Can I Do?
The FBI and CISA recommend taking actions if you find your systems corrupted. Some of these include:
- Isolate the infected system: “Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities.”
- Turn off other computers and devices: “Power-off and segregate any other computers or devices that share a network with the infected computer(s) that have not been fully encrypted by ransomware.”
- Secure your backups: “Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.”
You can read more here about what Hive Ransomware is and how the FBI recommends handling it.
Don’t gamble with your security if you think you’re at risk!
Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.