US law enforcement department Federal Bureau of Investigation (FBI) recently released statistics regarding the success rate of the infamous ransomware gang known as Hive. Figures supplied by the Bureau showed that Hive had managed to extort around $100 million from more than a thousand organisations since June last year.

Tactics of a thriving ransomware gang

While the recent figures from the FBI speak for themselves, they only tell part of the story. The government department also commented that a common tactic used by Hive was to deploy further ransomware payloads on the computer networks of their victims if they refuse to give in to their demands.

The FBI statement explained:

“As of November 2022, Hive ransomware actors have victimised over 1,300 companies worldwide, receiving approximately US$100 million in ransom payments, according to FBI information. Hive actors have been known to reinfect—with either Hive ransomware or another ransomware variant—the networks of victim organisations who have restored their network without making a ransom payment.”

The extensive list of victims includes organisations from a diverse range of sectors and critical infrastructure industries like government facilities, information technology and communications, with a strong focus on public health and healthcare organisations.

The information was unveiled in a joint advisory published recently by the FBI, the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency in the USA.

The advisory was released to share indicators of compromise, techniques, tactics, and procedures of the Hive ransomware gang uncovered by the FBI during its investigations of the gang’s activities since 2021.

The aim of the report is to help defenders identify malicious activity connected with affiliates of Hive and eliminate or reduce the impact of incidents.

Although submissions to the official ID Ransomware platform do not include every Hive ransomware attack, victims have now submitted over 850 samples since the beginning of the year. Many of the attacks tool place between March and April when a notable spike in activity was recorded.

Incident report requests from the FBI

While the federal agencies responsible for the recent advisory do not condone or encourage the paying of ransoms as such behaviour encourages other threat actors to start using ransomware tactics, together they are urging victims to report any Hive attacks to the FBI field office in their local area, whether they opt to pay a ransom or not.

The aim of this request is to help law enforcement agencies to gather critical data required to keep track of Hive’s activity and prevent additional ransomware attacks while holding the gang accountable for its crimes.

The Bureau also released additional technical details and indicators of compromise information associated with the Hive ransomware gang’s attacks back in August last year.

The Hive gang is what is known as a Ransomware-as-a-Service operation. It has been active since back in June 2021 and many of its active members are known to have been part of the notorious Conti cybercrime gang and Hive simultaneously since November last year.

Protecting your data

Galaxkey’s state-of-the-art data protection platform lets organisations encrypt data, which makes it useless in anyone’s hands if they aren’t authorised to view it. You can contact Galaxkey today for a demo or a free trial.