Hive Attacks & Healthcare Ransomware

Anyone remember the ransomware attack in Ohio earlier this year?  The hacker group Hive was responsible, and one of their key differentiators was a willingness to target even hospitals and healthcare organizations with ransomware that locked down clinical systems and prevented patient care.

The reason I bring this up today is that the group is still out there targeting healthcare organizations, and how they are doing so says a lot about where the IT security space is heading.

What we know about how Hive operates, and why ransomware is becoming more painful for victims:

  • Hive attacks all sorts of computer platforms, including Windows, Linux, Macs, and ESXi hypervisors.  Attacks that use virtualized platforms as a vector are still developing, and a hypervisor is a high-value target because encrypting the host takes every guest VM on it down at once.
    • The encryption itself is fast: a full ESXi server can be encrypted in as little as 3 hours.
    • The timeline between initial intrusion and encryption has also shrunk drastically.  An attack that starts at 12:30 AM can be finished before users log in in the morning, bringing down an entire network before security staff are even awake to receive an alert.
  • Ransomware groups are willing to publish sensitive data, such as patient records or privileged internal information, in order to pressure victims into paying the ransom.
    • These attacks are becoming more ruthless, and with that comes a growing willingness to do whatever it takes to collect the ransom.
    • Hive specifically runs a portal, "Hive Leaks", that shows a countdown to the public release of a victim's data in order to incentivize payment.
  • If the attackers are unable to encrypt, or their ransom demands are ignored, they turn to other tactics intended to damage the business, such as:
    • Changing desktop wallpapers to advertise a "million dollar reward" for any employee willing to cooperate with the attackers.
    • Identifying and attacking business-critical applications in order to take them down and damage the company's reputation or ability to generate revenue.
    • Stealing customer email addresses and contacting those customers directly with the stolen data, in order to damage relationships or destroy confidence in the affected company.
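The speed and timing described above (hours to encrypt, starting after midnight) are exactly what a human-driven alert queue cannot keep up with.  The following is an added example, not code from the original post and not Hive tooling: a small burst detector that counts file-modification events per host in a sliding one-minute window and flags a host as soon as it exceeds a threshold, noting whether the burst began off-hours.  The log format, the host names, the thresholds and the sample events are all constructed for this illustration; nothing in it is a Hive indicator.

```python
"""Sliding-window burst detector for file-modification events.

Illustrates catching mass encryption by rate rather than by file name or
extension, and tagging bursts that begin off-hours when nobody is watching.
All events, hosts and thresholds below are constructed for this example and
are assumptions, not real telemetry or Hive indicators.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def make_sample_lines():
    """Constructed syslog-style lines: '<ISO time> <host> <action> <path>'.

    esx01 sees 80 renames in 80 seconds starting at 00:31 (a simulated mass
    encryption run); esx02 sees routine writes spread across the working day.
    """
    lines = []
    t0 = datetime(2023, 5, 2, 0, 31, 0)
    for i in range(80):
        ts = t0 + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} esx01 rename /vmfs/volumes/ds1/vm{i:02d}/vm{i:02d}.vmdk")
    for i in range(12):
        ts = datetime(2023, 5, 2, 8, 0, 0) + timedelta(minutes=30 * i)
        lines.append(f"{ts.isoformat()} esx02 write /vmfs/volumes/ds2/backup/snap{i:02d}.vmdk")
    return lines


def parse_events(lines):
    """Parse the constructed line format into (timestamp, host, action, path) tuples, sorted by time."""
    events = []
    for line in lines:
        ts, host, action, path = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), host, action, path))
    events.sort(key=lambda e: e[0])
    return events


def is_off_hours(ts, start_hour=18, end_hour=7):
    """True for timestamps in the overnight window [start_hour, end_hour) when staff are unlikely to be watching."""
    return ts.hour >= start_hour or ts.hour < end_hour


def detect_bursts(events, threshold=50, window=timedelta(minutes=1),
                  actions=("rename", "write", "delete")):
    """Return {host: alert} for each host that produces >= threshold events within one window.

    Only the first crossing per host is reported, so a long encryption run yields
    one alert rather than one per file. The threshold and window are assumptions
    to be tuned against a baseline of normal activity for each host.
    """
    recent = defaultdict(deque)   # host -> timestamps inside the current window
    alerts = {}
    for ts, host, action, _path in events:
        if action not in actions:
            continue
        q = recent[host]
        q.append(ts)
        while q and ts - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = {
                "first_seen": q[0],
                "count": len(q),
                "off_hours": is_off_hours(q[0]),
            }
    return alerts


if __name__ == "__main__":
    for host, alert in detect_bursts(parse_events(make_sample_lines())).items():
        flag = "OFF-HOURS" if alert["off_hours"] else "business hours"
        print(f"{host}: {alert['count']} events within one minute starting "
              f"{alert['first_seen'].isoformat()} ({flag})")
```

The point of the `off_hours` flag is that the response to it should be automated (isolate the host, revoke the session, halt the datastore) rather than routed to a pager, because by the time someone reads the page the encryption run is likely already finished.  A rate-based rule like this also does not depend on knowing the attacker's file extension or ransom note in advance, which matters when the group changes tooling.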

These kinds of attacks aren't going anywhere, as I've said before, and the stark truth is that they are going to become more and more ruthless before anything changes.  Don't let your company get caught off guard by these attackers: look at your current security and test it, or reach out to London Security to evaluate the efficacy of your security technologies with a Ransomware Risk Assessment.  We run a controlled attack against your company's network to identify flaws in your security process, and give you a clear picture of how to proceed.