Hive ransomware has extorted more than $100m, FBI warns

22 Nov 2022


The FBI and CISA warned that threat actors have ‘especially’ targeted healthcare organisations, along with other critical infrastructure sectors.

US security agencies have issued a warning about the growing prevalence of Hive ransomware, which has victimised more than 1,300 companies worldwide.

The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) said threat actors have used this ransomware to target “a wide range of businesses and critical infrastructure sectors”.

Targets have included government facilities, communications, critical manufacturing, IT and “especially” healthcare services.

Since June 2021, the FBI and CISA claim Hive ransomware has successfully extorted roughly $100m from companies.

The security organisations have released a joint cybersecurity advisory with the US Department of Health and Human Services to warn companies about the tactics and techniques of the cybercriminals.

If organisations refuse to pay, the ransomware gang threatens to steal data and post it on the internet. The threat actors are also known to reinfect the networks of organisations that restore their systems without paying a ransom.

The joint advisory warning contains a list of mitigations organisations should follow to protect themselves from ransomware attacks. These include keeping offline backups of data, ensuring backup data is encrypted and regularly updating anti-virus and anti-malware software.

Organisations should also review the security posture of third-party vendors and other linked businesses.

Raj Samani, SVP and chief scientist at cybersecurity company Rapid7, said the joint advisory shows that extortion tactics are working and said that “unsurprisingly, one of their biggest targets is the healthcare industry”.

Research by Rapid7 suggests that the healthcare and pharmaceuticals industry suffered a large number of ransomware attacks between April 2020 and February 2022. More than 70pc of data disclosures in the sector involved finance and accounting data, with 58pc including patient data.

“Organisations need multiple layers of defence against ransomware attacks in order to protect themselves,” Samani said.

“This includes not just technologies to detect potential intrusion, or lateral movement, but also implementing security controls, should the threat remain undetected, such as the use of file encryption.”

Cybercriminals have been increasingly targeting critical infrastructure to increase the pressure their attacks create and have their ransom demands met.

A French hospital was hit with a ransomware attack in August, forcing it to send patients to other institutions as it tried to fix its impacted systems.

It came a few weeks after the UK’s National Health Service suffered disruptions from a cyberattack, which targeted systems that facilitate patient referrals, ambulance bookings, out-of-hour appointments and emergency prescriptions.

Last year, the Irish health service suffered a “significant and serious” ransomware attack that affected more than 80pc of IT infrastructure.


Leigh Mc Gowran is a journalist with Silicon Republic