Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested
A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a...
U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders
The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation. It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any perso...
Hive Ransomware Resurfaces as Hunters International, Bitdefender Claim
By Waqas. Hive Ransomware had its infrastructure seized by the FBI and Europol back in January 2023. This is a post from HackRead.com.
A Link to News Site Meduza Can (Technically) Land You in Russian Prison
Plus: Hive ransomware gang gets knocked offline, FBI confirms North Korea stole $100 million, and more...
Hive! Hive! Hive! Ransomware site submerged by FBI
On January 26, 2023, the United States Department of Justice (DoJ) released details about a disruption campaign against the Hive ransomware group. The disruption campaign has reportedly had access to Hive's infrastructure since July of 2022. Its access became public on Thursday when Hive's dark web...
Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort
In what's a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) operation has been seized as part of a coordinated law enforcement effort involving 13 countries. "Law enforcement identified the decryption keys and shared them with many of...
Increasing The Sting of HIVE Ransomware
How malicious actors evade detection and disable defenses for more destructive HIVE Ransomware attacks. Rapid7 routinely conducts research into the wide range of techniques that threat actors use to conduct malicious activity. One objective of this research is to discover new techniques being use...
#StopRansomware: Hive
Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released joint Cybersecurity Advisory (CSA) StopRansomware: Hive Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated wi...
Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company
The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated...
Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions
Costa Rica's national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware...
Hive Ransomware targets organizations with ProxyShell exploit
THREAT LEVEL: Red. Hive Ransomware has been active since its discovery in June 2021, and it is constantly deploying different backdoors, including the Cobalt Strike beacon, on Microsoft Exchange servers that are vulnerable to ProxyShell...
New Incident Report Reveals How Hive Ransomware Targets Organizations
A recent Hive ransomware attack carried out by an affiliate involved the exploitation of "ProxyShell" vulnerabilities in the Microsoft Exchange Server that were disclosed last year to encrypt an unnamed customer's network. "The actor managed to achieve its malicious goals and encrypt the...
A week in security (March 28 – April 3)
Last week on Malwarebytes Labs: New UAC-0056 activity: There’s a Go Elephant in the room; Globant suffers network breach due to LAPSUS$ compromise; Update now! Apple patches two zero-day vulnerabilities that may have been actively exploited; Hive ransomware impacts California non-profit health...
Hive ransomware: Researchers figure out a method to decrypt files
Files encrypted by ransomware can't be recovered without obtaining the decryption key, if the encryption has been done properly. But that doesn't seem to be the case for Hive ransomware. Researchers from the Kookmin University in Korea have published a method for decrypting the data scrambled by...
Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm
Researchers have detailed what they call the "first successful attempt" at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. "We were able to recover the master key for generating the file encryption key without the attacker's...
FBI Releases Indicators of Compromise Associated with Hive Ransomware
The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with ransomware attacks by Hive, a likely Ransomware-as-a-Service organization consisting of a number of actors using multiple...