The FBI has released an alert about the Hive ransomware after the group took down Memorial Health System last week.
The alert explains that Hive is an affiliate-operated ransomware first seen in June that deploys “multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol to move laterally once on the network.”
“After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, ‘HiveLeaks,’” the FBI explained.