The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

HHS Issues Warning to HPH Sector about Hive Ransomware

The HHS’ Office of Information Security Health Sector Cybersecurity Coordination Center (HC3) has issued a TLP: White alert about the Hive ransomware group – a particularly aggressive cybercriminal operation that has extensively targeted the healthcare sector in the United States.

HC3 has shared an analysis of the tactics, techniques, and procedures (TTPs) known to be used by the group in their attacks and has shared cybersecurity principles and mitigations that can be adopted to improve resilience against Hive ransomware attacks.

The Hive ransomware group has been conducting attacks since at least June 2021. The group is known for using double extortion tactics, where sensitive data is exfiltrated prior to file encryption and threats are issued to publish the data if the ransom is not paid. The group is also known to contact victims by phone to pressure them into paying the ransom.

Hive is a ransomware-as-a-service (RaaS) operation where affiliates are recruited to conduct attacks on the gang’s behalf in exchange for a cut of the profits that are generated, which allows the core members of the group to concentrate on development and operations.

Having affiliates with different specialties means a variety of TTPs are employed to gain access to networks; however, the group most commonly uses phishing emails, Remote Desktop Protocol, and VPN compromise in their attacks. Once access to networks is gained, compromised systems are searched to identify applications and processes involved in backing up data, and then those processes and applications are terminated or disrupted. Shadow copies, backup files, and system snapshots are also deleted to make it harder for victims to recover without paying the ransom.

The ransomware is actively developed, and several features and practices have been adopted to prevent analysis of the ransomware and the interception and monitoring of negotiations with victims. The group has also adopted a new IPv4 obfuscation technique – IPfuscation – to make their attacks stealthier.

Defending against Hive ransomware attacks requires standard cybersecurity best practices to be followed, including the following:

  • Changing default passwords and setting strong passwords
  • Implementing 2-factor authentication, especially for remote access services
  • Providing regular security awareness training to the workforce
  • Creating multiple copies of backups, testing those backups, and storing backups offline
  • Ensuring there is continuous monitoring, supported by a constant input of threat data
  • Implementing a comprehensive vulnerability management program and prioritizing known exploited vulnerabilities
  • Ensuring software and operating systems are kept up to date
  • Implementing comprehensive endpoint security solutions that are automatically updated with the latest signatures/updates.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
