The Hive ransomware group passed an important milestone earlier this week, the Security Agency reported.
According to the statement, since June 2021 the group has infected more than 1,300 companies with its ransomware variant and raked in over $100 million for its efforts.
Moreover, the group does not seem to take no for an answer. Three agencies discovered that Hive reinfects those victims who chose to restore their networks rather than pay the ransom demand.
Re-infecting rebellious victims
“Hive actors have been known to reinfect – with Hive ransomware or another ransomware variant – the networks of victims’ organizations who restored their network without paying the ransom,” reads the press release.
Hive also casts a relatively wide net in search of new victims. While it has some focus on healthcare and public health (HPH) organizations, it occasionally targets a government entity, a communications company, or an IT company.
These three organizations generally oppose paying ransom demands because payment does not guarantee recovery of the decryption key or stolen data. Paying, on the other hand, will surely motivate the group (as well as other similar groups) to continue their attacks, continue to deploy ransomware, and continue asking for more money.
Instead, they urge victims to report the attack to their local FBI field office or contact CISA via email.
These reports will help law enforcement gather the critical data needed to stay on Hive’s trail, thwart potential future attacks, and ultimately bring cybercriminals to justice.
Hive was first spotted early last summer.
By BleepingComputer