The Hive ransomware is expanding faster, experts revealed

Hive Ransomware Ransomware as a Service Leak Site Dark Web Malware

Based on recent reports, the growth of Hive ransomware is rising at an alarming rate. The Ransomware-as-a-Service (RaaS) is aggressively spreading its operation and has been eyeing many organisations globally since its first emergence last June of 2021.

Security experts have acquired access to the administrator infrastructure of Hive, and they have dug deeper, resulting in discoveries about the ransomware group. They revealed that the ransomware group had targeted approximately 350 organisations in just four months of active operation, which means that the ransomware group has about three victimized organisations per 24 hours.

Moreover, in Hive’s leak site lists, the researchers discovered 55 existing organisations pending a ransom payment. The list shows that many targets have given ransom to avoid being included in the leak lists. The leak site also reveals that most non-paying victims are minor to medium-sized organisations. Yet, the group has allegedly targeted a large group of giant firms as well.


Researchers believe that the Hive ransomware group had already garnered millions of dollars in the previous months.

Some findings also revealed that the threat actors had made over $6 million in just two months of the crime.

As researchers navigated deeper at the administration panel of Hive ransomware, they disclosed several additional details and methods regarding its operations.

It was discovered that the Hive’s developer had made an enormous effort in making their ransomware-as-a-service convenient to use for their crime affiliates. Moreover, the administration panels and the leak website are API-based portals, which are peculiar for cyberattack operations.

The Hive ransomware affiliates can utilize the platform to create a new malware version in just under 15 minutes. They can also see a preview of the total amount they gathered from their victims that paid the ransom, and also allows transactions with the victims in a disclosed manner, where the communication between them and their victims is visible only to their colleagues.

The efforts made by Hive developers imply that they are looking to take their threat to a whole new level, and its fast growth rate indicates a maturing firm-like business. For this reason, experts suggest that organisations should always have regular back-ups, utilize multi-factor authentication, and acquire connections to potent cybersecurity solutions companies.

About the author

Leave a Reply