InfoSecurity Magazine
FBI Warns Businesses of New Hive Ransomware
The FBI has issued a warning to firms about an increasingly prolific new ransomware variant known as Hive.
The Flash alert posted this week noted that the affiliate-based ransomware uses multiple mechanisms to compromise corporate networks, making it harder for defenders to mitigate.
It noted that these include phishing emails with malicious attachments to gain initial access and the hijacking of Remote Desktop Protocol (RDP) to move laterally.
The malware itself looks for and terminates processes linked to backups, anti-virus and file copying to boost its chances of success. Encrypted files end with a .hive suffix.
“The Hive ransomware then drops a hive.bat script into the directory, which enforces an execution timeout delay of one second in order to perform clean-up after the encryption is finished, by deleting the Hive executable and the hive.bat script,” the alert continued.
“A second file, shadow.bat, is dropped
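A triage sketch built on the file-system artifacts named above (the .hive suffix and the hive.bat and shadow.bat scripts). It is an added example, not code from the FBI alert or from InfoSecurity. The function names, report labels and sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_SUFFIX = ".hive"  # suffix the alert gives for encrypted files
DROPPED_SCRIPTS = {"hive.bat", "shadow.bat"}  # script names quoted from the alert

def scan_tree(root):
    """Walk root; return {directory: {"encrypted": [...], "scripts": [...]}}."""
    hits = defaultdict(lambda: {"encrypted": [], "scripts": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered in DROPPED_SCRIPTS:
                hits[dirpath]["scripts"].append(name)
            elif lowered.endswith(ENCRYPTED_SUFFIX):
                hits[dirpath]["encrypted"].append(name)
    return dict(hits)

def triage(hits):
    """Label each directory and sort by encrypted-file count. The alert says
    hive.bat deletes itself, so .hive files with no script are still a finding."""
    report = []
    for directory, found in hits.items():
        if found["encrypted"] and found["scripts"]:
            level = "encrypted+script"
        elif found["encrypted"]:
            level = "encrypted-only"
        else:
            level = "script-only"
        report.append((directory, level, len(found["encrypted"])))
    return sorted(report, key=lambda row: -row[2])

def build_sample(root):
    """Create a constructed sample tree (empty files) for demonstration."""
    layout = {"finance": ["q3.xlsx.hive", "q4.xlsx.hive"],
              "hr": ["staff.docx.hive", "SHADOW.BAT"],
              "tmp": ["hive.bat"], "clean": ["notes.txt", "archive.zip"]}
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for row in triage(scan_tree(tmp)):
            print(row)
```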
The article FBI Warns Businesses of New Hive Ransomware was originally published at InfoSecurity.