Hive is a growing ransomware group that only appeared last year, but they have been growing ever since and now present a very serious threat to businesses. In fact, Hive ransomware attacks have received over $100m in ransom payments from over 1,300 companies globally according to the FBI.
It’s not just Hive, either, the ransomware industry as a whole is growing and evolving so fast that ransomware incidents now make up the majority of UK government COBRA meetings.
What is Hive?
Hive is an example of Ransomware-as-a-Service (RaaS). Hive developers create and update the malware, which is then used by affiliates to carry out the attacks.
The organisation is well-structured and complex. They have a sales department, customer service, and victims can log in to an online portal to make ransom payments using login details that attackers leave behind after they have stolen information.
In the past, Hive has mostly targeted the industrial sector, however, they are constantly diversifying and hitting other industries. The most common locations for targets are the US and the UK.
How can I protect my business from attacks?
Make sure you always run up-to-date software and regularly check the CISA’s Known Vulnerability Catalogue to keep updated on new weaknesses.
To protect yourself from phishing, the starting point for many ransomware attacks, your business must go through good cyber-awareness training to make sure everyone is aware of the threat of social engineering.
Implementing multi-factor authentication across all user accounts is also an excellent practical measure to stop phishing attacks in their tracks.
What if my organisation is already infected?
If your organisation has already been affected by ransomware, OmniCyber Security recommends that you:
· Isolate the infected device: Remove the device from all networks, and disable any other potential connections (e.g. Bluetooth)
· Turn off other devices: Turn off and segregate any devices that share a network with the infected device, that have not been fully encrypted by ransomware. If possible, collect and secure all infected and potentially infected computers and devices in a central location, making sure to clearly label any computers that have been encrypted. Turning off and collecting partially encrypted devices may allow for file recovery by a specialist.
· Secure backups: Ensure all your backup data is secure and offline, and scan it with an antivirus program to check it is not infected.
If your data has been stolen, notify anyone affected as soon as possible, and any relevant authorities. They could be able to use information from other attacks to help your situation.
For expert advice on shoring up your defences against potential ransomware attacks, contact OmniCyber Security today.
