The US Government advised healthcare firms about the Hive ransomware


The United States Department of Health and Human Services (HHS) has released a public threat advisory for healthcare firms regarding the looming attacks of the Hive ransomware group. The HHS has produced a thorough report on the group's strategies and malicious activities to aid organisations in the HPH sector.


The government agency added that it is sending these warnings so that healthcare firms take appropriate measures to secure their infrastructure against attacks.


The US health department said that Hive is the fourth most active ransomware threat circulating in cyberspace. Its operations include double extortion tactics against targeted entities and leaking stolen data on the dark web if the victim does not comply.

Hive’s operators work through a Ransomware-as-a-Service (RaaS) model in which they prioritise the development and operation of their strain while their affiliates use it to run campaigns.

When an affiliate deploys the ransomware, it searches systems for applications and processes that handle backup data and disrupts them. This includes removing system snapshots and shadow copies.
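As an added example (not taken from the HHS advisory), the following sketch shows how a defender could flag the shadow-copy and backup removal described above in process-creation logs. The advisory summary here does not name the commands Hive uses, so the rules assume the Windows built-in tools `vssadmin`, `wmic` and `wbadmin`; the rule names and sample events are constructed.

```python
import re

# Assumption: destructive uses of Windows built-in backup tooling.
# Rule names are hypothetical labels chosen for this example.
RULES = {
    "vssadmin_delete_shadows": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"),
    # Shrinking shadow storage purges snapshots; admins do this too, so triage it.
    "vssadmin_resize_shadowstorage": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b"),
    "wmic_shadowcopy_delete": re.compile(
        r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b"),
    "wbadmin_delete_backup": re.compile(
        r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup|backup)\b"),
}

def normalize(cmdline):
    """Lower-case, drop quotes and cmd.exe carets, collapse whitespace."""
    cleaned = cmdline.lower().replace('"', "").replace("^", "")
    return re.sub(r"\s+", " ", cleaned).strip()

def match_rules(cmdline):
    """Return the sorted names of all rules the command line triggers."""
    norm = normalize(cmdline)
    return sorted(name for name, rx in RULES.items() if rx.search(norm))

def scan(events):
    """events: iterable of (host, user, cmdline) tuples. Returns alert dicts."""
    alerts = []
    for host, user, cmdline in events:
        hits = match_rules(cmdline)
        if hits:
            alerts.append({"host": host, "user": user,
                           "rules": hits, "cmdline": cmdline})
    return alerts

# Constructed process-creation events (hosts, users and commands are made up).
SAMPLE_EVENTS = [
    ("ws-014", "svc_backup", r"C:\Windows\System32\vssadmin.exe list shadows"),
    ("ws-014", "jdoe", r'cmd.exe /c "vssadmin.exe  Delete Shadows /All /Quiet"'),
    ("fs-002", "jdoe", r"wmic.exe shadowcopy delete /nointeractive"),
    ("fs-002", "jdoe", r"wbadmin delete catalog -quiet"),
    ("fs-002", "admin", r"wbadmin start backup -backupTarget:E: -include:C:"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["host"], alert["user"], ",".join(alert["rules"]),
              "|", alert["cmdline"])
```

Read-only and backup-creating invocations such as `vssadmin list shadows` and `wbadmin start backup` do not match, which keeps routine backup jobs out of the alert queue.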

The US agency also noted recent changes observed in the Hive ransomware since its operators attempted to adopt the practices and features of the BlackCat ransomware.

One of the features that the group attempted to copy is the removal of Tor negotiation URLs from the encryptor to prevent security researchers from extracting the ransom note and reviewing negotiations.

Hive’s threat actors also expanded their target scope to include Linux and FreeBSD systems by further upgrading their encryption algorithms. Furthermore, the group employed a new obfuscation tactic called IPfuscation to bypass detection during the infection stage.

Security experts reiterated that many of the techniques adopted by the Hive ransomware group are typical of other ransomware gangs. However, the group still has unique features that make it more dangerous than other gangs.

Therefore, organisations, especially healthcare firms, must have comprehensive security measures in place to counter and discourage such attacks.
