Why Hive Attacks Are the Latest Menace to Healthcare Sector
Adam Meyers of CrowdStrike on How the Hive Ransomware Group Pressures Victims
Several characteristics of the Hive ransomware group make the threat actor particularly menacing to victims, which include healthcare sector targets, says Adam Meyers, vice president of intelligence at security firm CrowdStrike.
"A lot of the ransomware actors focus on one particular platform, like Windows," he notes. "The Hive is a group that has [ransomware] for multiple platforms … Windows, Linux, and also ESXi hypervisors," which is another tactic that's relatively new, he says.
"These actors have been looking for ways to increase the pressure and pain they've been inflicting on their victims in order to compel them to pay faster and more," Meyers says in an interview with Information Security Media Group.
He says that the Hive group has been able "to create the ability to run their ransomware against ESXi, which is where a lot of virtualized servers are leveraging that technology."
The group is also using Golang, "which is a more modern programming language and something that a lot of adversaries have been moving toward," according to Meyers.
"We're not quite sure yet if it's ransomware as a platform or if it's a closed group. There are some indications that it’s a platform that has a very select set of affiliates."
Once Hive gets into a system, the attackers use their tools to move laterally to escalate privilege and then steal information and encrypt the files that are on the platform, Meyers says.
"They will release that sensitive information - patient records, HIPAA data - publicly in order to make it very painful for the victim."
Hive was the subject of a recent warning issued by the FBI (see: FBI Issues Alert on Hive Ransomware).
In the interview, Meyers also discusses:
- Hive threats facing the healthcare sector;
- Advice for healthcare sector entities to defend against and respond to Hive attacks;
- Other sectors being targeted by Hive.
As CrowdStrike's senior vice president of intelligence, Meyers directs a geographically dispersed team of cyberthreat experts tracking criminal, state-sponsored and nationalist cyber adversary groups across the globe to produce actionable intelligence. He also oversees the development and deployment of AI, machine learning, reverse engineering, natural language processing and other technologies to detect suspicious and malicious cyber behavior.