Vol. 1 · Ed. 2026
CyberGlossary
Entry № 477

Hive Ransomware

What is Hive Ransomware?

Hive Ransomware: A prolific ransomware-as-a-service operation active 2021-2023 that targeted healthcare and critical infrastructure before the FBI covertly infiltrated it in late 2022.


Hive surfaced in June 2021 as a ransomware-as-a-service program that aggressively targeted hospitals, government agencies, and manufacturers in North America and Europe. Its Go-based encryptor used a hybrid scheme of elliptic-curve key exchange and ChaCha20 or AES, and the gang ran a Tor leak site for double extortion. By July 2022 the FBI had quietly compromised Hive infrastructure and began distributing decryption keys to more than 1,300 victims, averting an estimated USD 130 million in ransom payments. On 26 January 2023 the US Department of Justice, with Germany and the Netherlands, seized Hive's servers and leak site, formally ending the operation; some operators are believed to have moved to Hunters International.

Examples

  1. August 2022 attack against Costa Rica's CCSS public health system, disrupting hospital operations.
  2. FBI infiltration disclosed in January 2023 that distributed Hive decryption keys to victims worldwide.

Frequently asked questions

What is Hive Ransomware?

A prolific ransomware-as-a-service operation active 2021-2023 that targeted healthcare and critical infrastructure before the FBI covertly infiltrated it in late 2022. It belongs to the Malware category of cybersecurity.

How do you defend against Hive Ransomware?

Defences for Hive Ransomware typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Hive Ransomware?

Common alternative names include: Hive, Hive RaaS.
