HHS warns providers of 'exceptionally aggressive' ransomware group

Dive Brief:


  • The Department of Health and Human Services posted an alert last week warning healthcare organizations of an "exceptionally aggressive" ransomware group that is known to target the sector.

  • The Hive group practices double extortion — demanding payment to free data it has encrypted while also threatening to release the unencrypted data publicly, often by selling it on "name and shame" dark web sites, according to the department.

  • The HHS Office of Information Security said in an analyst note that healthcare organizations should try to protect themselves with continuous monitoring and an active vulnerability management program. The alert also suggested keeping backups of data in multiple locations and using two-factor authentication with strong passwords.

Dive Insight:


    Hive first emerged in June of last year. By the third quarter of 2021, the group already was ranked as the fourth most active ransomware group by threat intelligence firm Intel 471. Group-IB Threat Intelligence analysts said in September that Hive had targeted more than 350 companies.


    The group has multiple tactics, including phishing and compromising VPNs. It often sends a ransom note telling users not to delete or modify files and warning that if they go to the authorities the encryption key will be erased, according to the analysis.


    Hive's encryption method prevents security researchers from seeing the ransom note and monitoring negotiations, the HHS said. Its ransomware moves laterally through a system and seeks out backups, shadow copies and snapshots while targeting antivirus software, according to the FBI.


    Hospitals