FBI issues alert about Hive ransomware
Photo: FBI Academy Gym Seal by Federal Bureau of Investigation (FBI)/Flickr, licensed under CC PDM 1.0
The U.S. Federal Bureau of Investigation has issued a flash warning about Hive, a newly observed ransomware reportedly linked to the attack on Memorial Health System this past month.
The alert, put forth by the FBI's cyber division, outlined Hive's technical details and reminded victims what to do if they are targeted.
"Hive ransomware, which was first observed in June 2021 and likely operates as an affiliate-based ransomware, employs a wide variety of tactics, techniques and procedures, creating significant challenges for defense and mitigation," wrote FBI officials.
WHY IT MATTERS
Although Hive is a relatively new entry onto the ransomware scene, it is already doing damage.
As the FBI noted, Hive hackers don't just hold a network hostage – they also add extortion into the mix.
"After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software," the FBI explained.
"The ransom note also threatens to leak exfiltrated victim data on the Tor site, HiveLeaks," it added.
The FBI said Hive ransomware seeks processes related to backups, antivirus or anti-spyware, and file copying, and then terminates them before facilitating file encryption.
Ransom notes contain a 'sales department' link, allowing victims to contact the hackers through a live chat.
Some targets even say they received phone calls requesting payment for their files.
The agency reiterated in its warning that it does not encourage paying a ransom and that doing so does not guarantee that files will be recovered.
"However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers," it said.
THE LARGER TREND
Reports of ransomware incidents have increased over the past few years, and the FBI and other federal agencies have ramped up their ransomware messaging accordingly.
In May, the FBI warned of Conti ransomware attacks targeting U.S. healthcare and first-responder networks, with more than a dozen incidents identified.
The U.S. Department of Justice said the following month that it would elevate its ransomware investigations to a priority level similar to that of terrorism.
Just last week, the U.S. Cybersecurity and Infrastructure Security Agency released guidance about how to prevent ransomware attacks from happening, and how to protect sensitive information if they do.
ON THE RECORD
"Regardless of whether you or your organization decide[s] to pay the ransom, the FBI urges you to report ransomware incidents to your local field office," wrote the agency in the most recent alert.
"Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law and prevent future attacks," it added.
Kat Jercich is senior editor of Healthcare IT News.
Healthcare IT News is a HIMSS Media publication.