HHS is recommending several cybersecurity principles and practices to defend the sector from ransomware attacks and to watch out for things like:

They conduct double extortion (data theft prior to encryption) and support this with their data leak site which is accessible on the dark web.
They operate via the ransomware as a service (RaaS) model, which involves them focusing on development and operations of the ransomware and other partners/affiliates to obtain initial access to the victim infrastructure and they leverage Golang, a language used by many cybercriminals to design their malware.
They leverage common (but effective) infection vectors such as RDP and VPN compromise as well as phishing.
Their encrypted files end with a .hive, .key.hive or .key extension.
Some victims have received phone calls from Hive to pressure them to pay and conduct negotiations.

The HC3 note says when defending against Hive or any other ransomware variant, there are standard practices that should be followed. Prevention is always the optimal approach. This includes but is not limited to the following:

Use two-factor authentication with strong passwords – this is especially applicable for remote access services such as RDP and VPNs.
Sufficiently backing up data, especially the most critical, sensitive and operationally necessary data is very important. According to HC3, "We recommend the 3-2-1 Rule for the most important data: Back this data up in three different locations, on at least two different forms of media, with one of them stored offline."
Continuous monitoring is critical, and should be supported by a constant input of threat data.

Read more:

Instant Insights /

HHS warns of risk of Hive ransomware to public health care sector

More From HR Executive

Related Stories

Recommended For You