The HHS Cybersecurity Program issued an alert April 19 to healthcare providers warning them to defend against the "exceptionally aggressive" Hive ransomware group.
Here are four things to know about the cyber group, according to the warning:
- The group uses many common ransomware tactics, including exploitation of Remote Desktop Protocol (RDP) or VPN and phishing attacks, in addition to more aggressive methods such as directly calling victims to apply pressure and negotiate ransom payments.
- Other tactics deployed by the group include searching the victim's systems for anything tied to backups and either terminating or disrupting those connections, as well as deleting shadow copies, backup files and even system snapshots.
- Hive also conducts double extortion and supports this with its data leak site, while operating under a ransomware-as-a-service model.
- In total, Hive has claimed attacks on approximately 355 companies within 100 days of operations.
HHS is urging healthcare organizations to increase their preventive security measures, such as two-factor authentication, strong passwords, sufficient backups of the most critical data and continuous monitoring.