Hive, a ransomware group known to target the healthcare industry, has received approximately $100 million in ransom payments.
From June 2021 to November 2022, hackers have used Hive ransomware to target critical infrastructure sectors, including government facilities, healthcare, public health, communications, critical manufacturing and information technology, according to a Nov. 17 press release from the Cybersecurity and Infrastructure Security Agency.
Four things to know about the group:
- As of November, Hive ransomware hackers have compromised over 1,300 companies worldwide.
- Hive operates as a ransomware-as-a-service model.
- The group uses many common ransomware tactics, including the exploit of remote desktop protocol or virtual private networks, and phishing attacks, in addition to more aggressive methods like directly calling the victims to apply pressure and negotiate ransom payments.
- Other tactics deployed by the group include searching the victim's systems that are tied to backups and either terminating or disrupting those connections, deleting shadow copies, backup files and even system snapshots.