The FBI issued a warning about Hive ransomware after an attack was linked to an Aug. 15 ransomware demand on Marietta, Ohio-based Memorial Health System that shut down its IT network. The system diverted patients as a result of the attack.
Six things to know:
- Hive ransomware was first observed in June, according to an Aug. 25 FBI news release. After Hive has been deployed on a network, it exfiltrates data and encrypts the files held on the network, according to the FBI.
- The hackers leave a ransom note in every infected directory on the victim's network. The note has instructions on how to purchase the decryption software and threatens to leak the stolen data on the dark web site HiveLeaks, the FBI stated.
- The ransomware group has been linked to the attack on Memorial. The health system was forced to shut down its IT system during the attack and had to divert ambulances and patients to other hospitals during a weeklong outage.
- Tech website Bleeping Computer has reportedly viewed evidence that the hackers stole databases from the health system with information belonging to 200,000 patients. The ransomware attack was first linked to Hive after the hacker group began posting about it on HiveLeaks, according to a tweet by @dnwls0719.
- Scott Cantley, CEO of Memorial, said in an Aug. 18 news release shared with Becker's that the system had "reached a negotiated solution and are beginning the process that will restore operations as quickly and as safely as possible. We are following a deliberate, methodical approach to bring systems back online securely and in a manner that prioritizes our ability to provide patient care. This could happen as early as Sunday."
- A spokesperson from Memorial confirmed to Becker's that the system was working with the FBI to negotiate a solution with the hackers.