Hive hackers are exploiting Microsoft Exchange Servers in ransomware spree

The Hive threat group is targeting vulnerable Microsoft Exchange Servers to deploy ransomware.

First spotted in June 2021, Hive operates on a Ransomware-as-a-Service (RaaS) model, in which cyberattackers can use the Hive ransomware strain in attacks.

The threat actors operate a leak site, accessible via a .onion address, which aims to ‘name and shame’ ransomware victims. Additionally, the malware operators practice double-extortion, in which sensitive corporate data is stolen from a victim organization before disk encryption.

If a victim refuses to pay for a decryption key, the cyberattackers will plaster their name across the leak site and set a timer before the data is leaked. This piles on the pressure and gives the attackers more opportunities for extortion.

Hive’s past victims include non-profit entities, the energy sector, financial companies, and healthcare providers.

“While some ransomware groups operating as RaaS networks claim to steer clear of targeting specific sectors such as hospitals or other critical industries to avoid causing harm to people, Hive’s attacks against healthcare providers in 2021 showed that the operators behind it have no regard for such humanitarian considerations,” Trend Micro said in a March 2022 investigation of the group.

The FBI issued an alert on Hive activity in August 2021,

Read More: https://www.zdnet.com/article/hive-hackers-are-exploiting-microsoft-exchange-servers-in-ransomware-spree/#ftag=RSSbaffb68