HHS OCIO HC3 TLP White Threat Briefing – Hive Ransomware – October 21, 2021

Agenda

• Hive Ransomware Overview
• Legitimate Applications and Closed Source Code
• Hive Ransomware Attacks
• Hive Ransomware Activity Targeting the U.S. HPH
• Hive Tactics, Techniques, and Procedures (TTPs)
• Mitigations

Overview

First observed in June 2021
• According to the Federal Bureau of Investigation (FBI), it “likely operates as an affiliate-based ransomware”
• Double extortion ransomware
• Human-operated attacks
• Uses legitimate commercial applications
• Utilizes their own closed-source ransomware (complied for both 32-bit and 64-bit machines)
• Possible Russian-speaking actors

View the entire report below. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

Senior Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Advisory
AHA and Health-ISAC Joint Threat Bulletin: Indicators of Compromise Related to Recent Health Care Ransomware Attack
Member
Advancing Health Podcast
Leadership Dialogue Series: Cybersecurity and the Fight to Safeguard Health Care
Public
Leadership Rounds
Leadership Dialogue
Public
Special Bulletin
UPDATE: AHA and Health-ISAC Threat Advisory: FBI Advises No Specific Credible Threat Targeting Hospitals
Public
Special Bulletin
AHA and Health-ISAC Bulletin on Threat to Hospitals
Member
AHA Center for Health Innovation Market Scan
Rural Hospitals Move to Enhance Cybersecurity