[MART] - Daily Diary #332 - Meet Hive Ransomware

CTAS-MAT ctas-mat at appgate.com
Mon Aug 23 21:22:56 UTC 2021


Hello,
I hope everyone is doing well!

Below is the entry for today.

08/23/2021 - Diary entry #332

First discovered in June this year, Hive ransomware is a new ransomware threat that operates using the double-extortion model that most ransomware families have adopted nowadays: stealing data before encrypting it and threatening to publish it if the ransom is not paid. This threat is written in Golang, a trend covered in previous daily diaries as being heavily used by new threat actors. Although so far only Windows samples have been found, this means they can easily adapt the threat to target other platforms.

This week the health organization Memorial Health System (MHS) disclosed that it was hit by a ransomware attack earlier this month, and Hive is claiming responsibility for the attack. MHS suspended user access to its applications and is working with the authorities to restore its systems. Unfortunately, because of the incident, they were forced to suspend some of their operations, including some surgeries and radiology exams. It's not clear yet if any patient or employee data was stolen during this incident.

Our team got access to "Hive Leaks", Hive ransomware's wall-of-shame on the deep web. The first entry on the website is from June 23rd this year, when the group attacked Altus Group, a commercial real estate software solutions company. The page has entries for more than 30 victims, showing how dangerous this threat is despite being so new. So far, there is no entry on the website for MHS, so the negotiation might still be ongoing.

Kind Regards,



Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
