Hive Ransomware
$100 million plus in payouts for Ransomware-as-a-service (RaaS) attacks
The Hive ransomware gang has received up to $100+ million in ransom payments from more than 1,300 victims, according to a joint advisory released by the FBI, the U.S. Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services.
Common Vulnerabilities and Exposures
Background
Hive ransomware was first observed in June 2021. According to the advisory, it has grown into one of the most prevalent ransomware families in the ransomware-as-a-service (RaaS) ecosystem. In the RaaS model, developers create, maintain, and update the malware, and affiliates conduct the ransomware attacks. Hive ransomware attacks have targeted a wide range of industries and critical infrastructure sectors such as government, communications, and information technology, with a strong focus on healthcare and public health entities.
Threat Radar Overall Score: 4.6
CVSS Rating | 9.0
FortiRecon Score | 93/100
Known Exploited | Yes
Exploit Prediction Score | 97.32%
FortiGuard Telemetry | 23400
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
November 17, 2022: CISA released a joint advisory on Hive Ransomware. https://www.cisa.gov/uscert/ncas/alerts/aa22-321a
November 21, 2022: Threat Signal posted at https://www.fortiguard.com/threat-signal-report/4889
FortiGuard Labs continually monitors and provides the latest antivirus protection and IPS coverage for any linked vulnerabilities targeted by Hive ransomware.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- Decoy VM
- AV
- Vulnerability
- AV (Pre-filter)
- Behavior Detection
- IPS
- Post-execution
- Threat Hunting
- IOC
- Outbreak Detection
- Content Update
- Automated Response
- Assisted Response Services
- InfoSec Services
- Attack Surface Monitoring (Inside & Outside)
Decoy VM: Detect activities related to Hive ransomware
Vulnerability: Detect and block Microsoft Exchange endpoint vulnerabilities used by Hive ransomware
AV (Pre-filter): Detect Hive ransomware payloads
Behavior Detection: Detect Hive ransomware payloads as medium risk
IPS: Detect and block Microsoft Exchange vulnerabilities used by Hive ransomware to gain access to the victim's network
Post-execution: Detect and block post-execution activities related to Hive ransomware
Threat Hunting
Outbreak Detection
Content Update
Automated Response: Services that can automatically respond to this outbreak.
FortiClient Forensics
Assisted Response Services: Experts to assist you with analysis, containment and response activities.
InfoSec Services: Security readiness and awareness training for SOC teams, InfoSec and general employees.
Attack Surface Monitoring (Inside & Outside): Security reconnaissance and penetration testing services, covering both internal and external attack vectors, including those introduced internally via the software supply chain.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Indicators of compromise
IOC Indicator List