By Jim Walter & Juan Andres Guerrero-Saade

Executive Summary

Hive is a double-extortion ransomware group that first appeared in June 2021. The group is notable in its undiscerning choice of targets, having no limits when it comes to healthcare providers and hospitals, as evidenced in a recent attack on Memorial Health System hospitals in Ohio. Hive ransomware is written in Go to take advantage of the language's concurrency features to encrypt files faster. This report offers an overview of Hive TTPs as well as a reverse engineering deep dive into the ransomware payloads. Hive remains active with as many as 30 victim companies listed on its Hive Leaks onion site at the time of writing.

While many active ransomware groups have committed to forgoing attacks on medical targets in deference to the current global situation, Hive is not one of them. On August 15, 2021, news broke of a Hive campaign against Memorial Health System, an Ohio healthcare provider. As a result, the hospital was forced to advise some patients to seek treatment at separate facilities.

[Image: Memorial Health Systems open statement on ransomware attack]

While some ransomware attacks hitting public health and critical infrastructure targets can be the result of a shotgun approach to targeting – mass phishing campaigns that execute malware blindly on victim devices without awareness of the victim environment – that is not the case with Hive. This is a human-operated ransomware attack designed to take input from the command line, indicating the attackers are both aware of the environment and tailoring their attacks for maximum impact.

Who is Hive?