Hive ransomware gets away with 100 million dollars
Yesterday, on November 17th, the FBI, CISA and HHS released a joint cybersecurity advisory on ransomware, focused on the Hive ransomware. According to FBI information, Hive has extorted around 100 million dollars worldwide from around 1,300 different companies in just over a year.
The infiltration typically started with an attack on single-factor logins to networks, such as VPN (Virtual Private Network) or other remote network connections. Other attack vectors were outdated systems and phishing e-mails with malicious content.
After intruding, the ransomware shuts down all processes related to backups, antivirus programs or copying files. It also deactivates the Windows system and security logs. Once these defense mechanisms are disabled, all data is downloaded. In the last step, the ransomware encrypts the entire system and leaves a note named “HOW_TO_DECRYPT”. In this note, the attackers threaten to reveal all the stolen information if the ransom is not paid, and explain how the victim can pay the ransom in Bitcoin.
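The sequence described above (defense services stopped, event logs cleared, a HOW_TO_DECRYPT note written) leaves traces in Windows event logs before encryption finishes. The following is an added detection example, not part of the advisory or the original article: it scans constructed, simplified log lines and flags any host that shows at least two distinct indicator types. The line format, host names and file paths are constructed for the example; the event IDs 7036 (service state change), 1102 (audit log cleared), 104 (event log cleared) and 4663 (object access) are standard Windows event IDs, and the service-name keywords are an assumption about what a backup or antivirus service is typically called.

```python
import re
from collections import defaultdict

# Indicators derived from the behaviour described in the text: stopping backup /
# antivirus / copy-related services, clearing the Windows event logs, and
# dropping a HOW_TO_DECRYPT note. Service keywords are an assumption.
SERVICE_KEYWORDS = ("backup", "antivirus", "defender", "volume shadow copy")

# Constructed, simplified log line format (not real Windows XML/EVTX output):
#   <timestamp> host=<name> channel=<log> id=<event id> msg=<free text>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+channel=(?P<channel>\S+)"
    r"\s+id=(?P<id>\d+)\s+msg=(?P<msg>.*)$"
)

# Constructed sample log: FS01 shows the full Hive-like sequence, WS22 shows a
# benign service restart that must not trigger an alert.
SAMPLE_LOG = """\
2022-11-17T02:10:05 host=FS01 channel=System id=7036 msg=The Backup Agent service entered the stopped state.
2022-11-17T02:10:07 host=FS01 channel=System id=7036 msg=The Antivirus Protection service entered the stopped state.
2022-11-17T02:10:09 host=FS01 channel=System id=7036 msg=The Volume Shadow Copy service entered the stopped state.
2022-11-17T02:11:30 host=FS01 channel=Security id=1102 msg=The audit log was cleared.
2022-11-17T02:11:31 host=FS01 channel=System id=104 msg=The System log file was cleared.
2022-11-17T02:40:12 host=FS01 channel=Security id=4663 msg=An attempt was made to access an object: C:\\Shares\\Finance\\HOW_TO_DECRYPT.txt
2022-11-17T03:00:00 host=WS22 channel=System id=7036 msg=The Print Spooler service entered the stopped state.
2022-11-17T03:00:01 host=WS22 channel=System id=7036 msg=The Print Spooler service entered the running state.
"""


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["id"] = int(event["id"])
    return event


def classify(event):
    """Map an event to an indicator name, or None if it looks benign."""
    msg = event["msg"].lower()
    if (event["id"] == 7036 and "stopped state" in msg
            and any(k in msg for k in SERVICE_KEYWORDS)):
        return "defence_service_stopped"
    if event["id"] == 1102 or (event["id"] == 104 and "cleared" in msg):
        return "event_log_cleared"
    if "how_to_decrypt" in msg:
        return "ransom_note_written"
    return None


def detect(lines, threshold=2):
    """Return {host: [indicator types]} for hosts with >= threshold distinct indicators.

    Requiring several distinct indicator types, rather than one, keeps a single
    service restart or a routine log rotation from raising an alert on its own.
    """
    per_host = defaultdict(list)
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        tag = classify(event)
        if tag:
            per_host[event["host"]].append((event["ts"], tag, event["msg"]))
    flagged = {}
    for host, hits in per_host.items():
        kinds = {tag for _, tag, _ in hits}
        if len(kinds) >= threshold:
            flagged[host] = sorted(kinds)
    return flagged


if __name__ == "__main__":
    for host, kinds in detect(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {host}: {', '.join(kinds)}")
```

Run against the constructed sample, only FS01 is flagged, with all three indicator types; WS22's Print Spooler restart is ignored because it touches no backup or antivirus service. In a real environment the parser would be replaced by a reader for the SIEM or EVTX format in use, and the keyword list tuned to the actual backup and endpoint protection products deployed.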
How to prevent such infiltration of systems? There are multiple ways:
- As mentioned above, the main target was single-factor logins. Such attacks can be prevented with MFA (multi-factor authentication).
- The second attack vector can be countered with frequent vulnerability scans and automatic updates.
- Against the last vector, multiple measures should be combined: cybersecurity training for employees and filters on e-mail communication.
Would you like to know more about it? Then check the following two sources:
- Alert (AA22-321A). #StopRansomware: Hive Ransomware (cisa.gov)
- FBI: Hive ransomware extorted $100M from over 1,300 victims (bleepingcomputer.com)
Microsoft Kerberos out-of-band patch
On November 8th, a security update for Windows servers acting as domain controllers was distributed. Since then, users may experience issues with Kerberos authentication.
Microsoft acknowledged the problem and released a fix yesterday, on November 17th. It can be found in the Microsoft Update Catalog and only needs to be installed on the domain controllers. Microsoft recommends installing it quickly and removing any self-created workarounds from the environment.
Check out all the insights on this patch:
- Windows 11, version 22H2 known issues and notifications (microsoft.com)
- Windows Kerberos authentication breaks after November updates (bleepingcomputer.com)
Is cybersecurity a topic of interest for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.
Please remember: this article is based on our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.
And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.