WASHINGTON — A joint Cybersecurity Advisory (CSA) has been published that shares technical details associated with Hive ransomware variants identified through FBI investigations and provides advice for organizations to defend against the threat.
The advisory was jointly issued by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Health and Human Services (HHS).
According to the advisory, from June 2021 through at least November 2022, various threat actors have used Hive ransomware, which follows the Ransomware-as-a-Service (RaaS) model, to target a wide range of businesses and critical infrastructure sectors, including government facilities, communications, manufacturing, information technology, and especially organizations in the healthcare and public health sector.
The advisory said the method of initial intrusion depends on which Hive RaaS affiliate targets the network. Methods include using compromised credentials in Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other remote network connection protocols in which multifactor authentication (MFA) is not enabled.
Response Recommendations
According to the advisory, actions that organizations can take to mitigate the cyber threat from ransomware include:
- Prioritize remediating known exploited vulnerabilities
- Enable and enforce multi-factor authentication with strong passwords
- Close unused ports and remove any application not deemed necessary for day-to-day operations
CISA, the FBI, and HHS are all urging organizations, particularly those in the healthcare and public health (HPH) sector, to apply the recommended mitigations in this CSA to reduce the likelihood of compromise from Hive and other ransomware operations.
Victims of ransomware should report the incident to their local FBI field office or CISA, the advisory noted.
