US government agencies have stated that the Hive ransomware gang has victimized more than 1,300 businesses in the past year and a half, resulting in roughly $100 million in ransom payments. The group has been active since June 2021 and has offered ransomware-as-a-service. The Hive ransomware has been used in attacks against businesses, critical infrastructure entities, government, healthcare, IT, and manufacturing organizations. The Cybersecurity and Infrastructure Security Agency (CISA) the Federal Bureau of Investigation, and the Department of Health and Human Services have released a joint alert detailing the ransomware.

The report discusses the indications that a device or network has been infected by ransomware, specifically the Hive ransomware. Additionally the report contains tactics, techniques, and procedures in the case of a ransomware attack. Initial access to a victim’s network is often obtained by Remote Desktop Protocol, VPNs, and other remote connections not secured with multi-factor authentication, the government agencies say. Once it achieves access, the ransomware attempts to identify and terminate antimalware processes.

Read More: Hive Ransomware Gang Hits 1,300 Businesses, Makes $100 Million