Hive is a ransomware-type program. It operates by encrypting data and demanding ransoms for decryption. In other words, this malware makes files inaccessible and demands payment for access recovery.

During the encryption process, affected files are renamed following this pattern: original file name, random character string, and “.hive” extension.

For example, a file initially titled “1.jpg” would appear as something like “1.jpg.3FTVjumqQ4OHTCZxlHTlF1jniMpLRvMkH4T62rsHFwY.hive” after encryption.

Once the encryption process is complete, the ransom notes, “HOW_TO_DECRYPT.txt”, are placed in compromised folders.
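A folder-listing triage built on the two indicators described above (the rename pattern and the ransom-note name), as an added example that is not part of the original article. The token alphabet and minimum length are assumptions inferred from the single sample name shown above, and every path except that sample file name is constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath  # accepts both "\" and "/" separators

RANSOM_NOTE = "how_to_decrypt.txt"  # note name from the article, lower-cased
# <original name>.<random string>.hive ; the token alphabet and the 16-char
# minimum are assumptions based on the single sample name in the article.
HIVE_NAME = re.compile(r"^(?P<original>.+)\.[A-Za-z0-9_-]{16,}\.hive$", re.I)

# Constructed listing; only the first file name is taken from the article.
SAMPLE_LISTING = [
    r"C:\Users\ana\Pictures\1.jpg.3FTVjumqQ4OHTCZxlHTlF1jniMpLRvMkH4T62rsHFwY.hive",
    r"C:\Users\ana\Pictures\budget.xlsx.ConstructedSampleToken0123456789abcdefghijk.hive",
    r"C:\Users\ana\Pictures\HOW_TO_DECRYPT.txt",
    r"C:\Users\ana\Documents\report.docx",   # untouched file
    r"C:\Tools\registry\system.hive",        # benign: no random token segment
    r"D:\Share\HOW_TO_DECRYPT.txt",          # note present, no renamed files seen
]

def triage(paths):
    """Group a file listing by folder and grade each folder on both indicators."""
    folders = defaultdict(lambda: {"note": False, "originals": []})
    for raw in paths:
        p = PureWindowsPath(raw)
        entry = folders[p.parent.as_posix()]
        if p.name.lower() == RANSOM_NOTE:
            entry["note"] = True
            continue
        m = HIVE_NAME.match(p.name)
        if m:  # keep the pre-encryption name for restore and scoping work
            entry["originals"].append(m.group("original"))
    report = {}
    for folder, e in folders.items():
        if e["note"] and e["originals"]:
            verdict = "encrypted"   # both indicators agree
        elif e["note"] or e["originals"]:
            verdict = "suspect"     # one indicator only: review manually
        else:
            continue                # nothing matched in this folder
        report[folder] = {"verdict": verdict, "note": e["note"],
                          "originals": sorted(e["originals"])}
    return report

if __name__ == "__main__":
    for folder, info in triage(SAMPLE_LISTING).items():
        print(folder, info)
```

A folder graded "suspect" has only one of the two indicators, which is also what a benign file that happens to end in ".hive" after a long name segment would produce.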

Many may remember this ransomware from the attack on the electronics retail giant MediaMarkt, in which the attackers demanded a ransom of 240 million dollars. The attack caused the shutdown of IT systems and the interruption of store operations in the Netherlands, Germany, and other countries.

MediaMarkt is Europe’s largest consumer electronics retailer with more than 1,000 stores in 13 countries. MediaMarkt employs approximately 53,000 employees and has total sales of €20.8 billion.

Now, the Hive ransomware group has posted on its dark website that it has stolen 850,000 records of personally identifiable information (PII) from Partnership HealthPlan of California.

The organization’s website currently consists of a home page that says the health plan has been “experiencing technical difficulties,” including an “outage in certain computer systems.” The organization’s phone systems have a similar message, with a recorded message saying “all of our systems are down, with no time scheduled for repair.”

Hive ransomware uses multiple mechanisms to harm business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once in the network, so take extra security measures against this threat.

