FBI Warning Issued About Hive Ransomware
The FBI has issued a warning about Hive ransomware after the crime group took down IT systems at Memorial Health System in Ohio.
The alert details indicators of compromise and tactics, techniques and procedures—or TTPs—associated with ransomware attacks by the apparent ransomware-as-a-service operation.
The full release can be found here: https://www.ic3.gov/Media/News/2021/210825.pdf
In addition to the details of the attack, the FBI has issued a list of mitigations for any victims of a Hive ransomware attack.
Per the FBI release:
If your organization is impacted by a ransomware incident, the FBI and CISA recommend the following actions.
- Isolate the infected system. Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities. Ensure all shared and networked drives are disconnected, whether wired or wireless.
- Turn off other computers and devices. Power-off and segregate (i.e., remove from the network) the infected computer(s). Power-off and segregate any other computers or devices that share a network with the infected computer(s) that have not been fully encrypted by ransomware. If possible, collect and secure all infected and potentially infected computers and devices in a central location, making sure to clearly label any computers that have been encrypted. Powering off and segregating infected computers and computers that have not been fully encrypted may allow for the recovery of partially encrypted files by specialists.
- Secure your backups. Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.
Missing
While the FBI’s mitigation recommendations are all useful, they ignore one of the most powerful options for avoiding ransomware and other malware-based attacks. Because an overwhelming number of ransomware attacks start as phishing or spear-phishing campaigns, training your staff to spot malicious emails is one of the best safeguards against attacks. That knowledge, and the discipline not to open unvetted attachments, is the most powerful safeguard against ransomware.
Other recommendations include monitoring cyberthreat reporting regarding the publication of compromised VPN login credentials, keeping computers, devices, and applications patched and updated, and regularly updating antivirus or anti-malware software on all hosts.
If you have questions about ransomware, IT security, or training, call ITPAC today.