An alert has been issued by the Department of Health and Human Services (HHS) Cybersecurity Program (HC3) warning organizations in the health sector about the Hive ransomware group. According to the HHS, Hive is an exceptionally aggressive ransomware group that regularly targets healthcare organizations.
Since June 2021, the Hive ransomware gang has been the fourth most active ransomware gang targeting healthcare organizations. Similar to other ransomware variants, Hive typically monitors systems to erase backup data, which is frequently used by healthcare organizations to avoid paying a ransom. After this, the gang then terminates or interrupts them. Shadow copies, backup files, and system snapshots can all be removed in this way. Hive typically attacks using a multitude of methods. The group carries out double extortion in conjunction with a data leak site posted on the dark web. The gang also leverages malware and infection vectors, encrypts files, pressures victims via phone calls, and operates the ransomware using a RaaS model. However, while these practices are common amongst ransomware attacks, Hive has a set of unique capabilities which are particularly noteworthy. According to the FBI, the Hive group, “employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation.”
In the alert, the HC3 details a list of best practices to mitigate the danger of ransomware attacks. The HC3 advises healthcare organizations to implement two-factor authentication with strong passwords, particularly for remote access services such as RDP and VPNs. Healthcare organizations should also adequately back up their data and continuously monitor their systems for suspicious activity. An active vulnerability management program should also be developed to enable timely implementation of the latest updates. This applies to all technology, including medical devices connected to the network and traditional information technology. Finally, the HC3 recommends that healthcare organizations develop comprehensive and stringent endpoint security that is regularly updated with the latest updates as soon as possible. The HC3 has asked organizations within the healthcare sector to report any ransomware incidents immediately in order to help mitigate harm and to prevent further attacks from taking place.