"HHS Underscores Risk of Hive Ransomware"

The US Department of Health and Human Services' (HHS) Health Sector Cybersecurity Coordination Center (HC3) released an analyst note on the Hive ransomware group, a cybercrime group that has launched several attacks against the healthcare sector. HC3 warns that Hive is an aggressive, financially motivated ransomware group with sophisticated capabilities. Hive was behind the August 2021 attack against the Memorial Health System, which impacted more than 200,000 individuals and resulted in the exfiltration of sensitive data. Hive was also behind the cyberattack on the Missouri Delta Medical Center that occurred in September 2021. HC3 identified the Hive group as one of the top US healthcare ransomware threats in Q3 2021. In March 2022, Hive stole 850,000 records consisting of Personally Identifiable Information (PII) from Partnership HealthPlan of California.

HC3's latest analyst note says Hive conducts double extortion and operates on the Ransomware-as-a-Service (RaaS) model, which enables the group and its affiliates to gain access to victim infrastructure. The group uses malware written in Golang (Go) and leverages Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) compromise as well as phishing. Its operations include searching victim systems for processes responsible for backing up data and disrupting them by deleting shadow copies and system snapshots. Much of Hive's operations are considered standard practice among ransomware operators, but the group has a set of unique capabilities. According to the FBI, Hive uses various tactics, techniques, and procedures (TTPs), making mitigation and defense efforts challenging.

To defend against Hive, organizations are encouraged to enable Multi-factor Authentication (MFA), use strong passwords, and regularly back up data. HC3 recommends organizations adopt the 3-2-1 rule for data backups by storing data in three different locations, on two forms of media, and with one of them stored offline.

This article continues to discuss HC3's analyst note regarding the Hive ransomware group's history, capabilities, and severity, as well as how to defend against this group.

HealthITSecurity reports "HHS Underscores Risk of Hive Ransomware"
