The pandemic had compelled companies to shift gigantic databases and records onto the cloud to endorse remote working. Consequently, the incidents pertaining to data theft and breach of privacy have increased to a great extent. Recently, the FBI warned companies to be vigilant and be aware of a new ransomware called Hive. The ransomware uses innovative mechanisms to break into corporate networks, and it is seemingly hard to lessen its damage. In his article for InfoSecurity magazine, Phil Muncaster shares his insight on Hive and how much damage it has caused to several companies.
How Does It Propagate?
Muncaster asserts that Hive can spread through various means, among which phishing emails serve to be a prominent source. The emails are attached with malicious content to gain access and hijack remote desktop protocol (RDP) to control the system. The malware stops the processes related to backup, anti-virus software, and file copying to boost its probability of success. The ransomware leaves a hive.bat script in the directory that leads to a time-out delay of one second after the completion of encryption. Another file by the name of shadow.bat is dropped into the guide to erase shadow copies, including backup copies and snapshots. As soon as the backup and snapshots are deleted, the shadow.bat file is also erased from the system.
How Is Hive Affecting Businesses?
Many victims have told the FBI that they received follow-up calls from the hackers demanding payment, failure of which would lead to public disposal of the data. However, many hackers do not ask for ransom and simply upload the data to the public domain. Cyber security experts believe that people associated with Hive recently led an attack on the Memorial Health System that disrupted the networks at all 64 of its clinics and three hospitals.
Click on the link to read the article: