Understanding Hive ransomware – How to avoid becoming the next victim

Introduction

Hive was first observed in June 2021. It is an affiliate-operated ransomware family that has been used against organizations in many sectors worldwide, including healthcare providers, non-profit organizations and retailers.

It is built on the Ransomware-as-a-Service (*1) model: the core group develops and maintains the malware and its infrastructure, and affiliates rent it to carry out their own intrusions.

The ransomware is written in Go and packed with UPX.

File encryption uses a hybrid AES + RSA scheme: the symmetric key material that encrypts the files is itself encrypted with the operators' RSA public key, so a victim cannot decrypt without the corresponding private key.

The typical modus operandi is "double extortion": sensitive data is exfiltrated before it is encrypted, and the victim is threatened with its publication on top of losing access to it.

Victims are contacted through a live chat portal, an online chat system, rather than by e-mail as with older ransomware families.

According to Chainalysis' statistical report, Hive ranked 8th among ransomware strains worldwide by revenue in 2021.

Top 10 ransomware strains by revenue, 2021

Since Hive is rented out to affiliates as a weapon, it is no surprise that it comes with an attractive, user-friendly interface.

The dashboard provided to affiliates shows statistics such as the number of businesses encrypted, the number that have paid, the total amount paid, and more.

This interface lowers the skill needed to run a campaign and makes the rental business more efficient for the operators.

Hive dashboard

Hive Live Chat

Live Chat Dashboard

Doesn't it look very much like a customer-service agent's response interface?

Latest News

1. In January 2022, South Korean researchers reported a way to recover Hive's master key by cryptanalysis, so that victims no longer need the attackers' private key to decrypt their files.

The researchers found a flaw in Hive's own encryption routine, in the way the master key is generated and used to derive the keystreams that encrypt each file.

Using that flaw, they were able to partially reconstruct the master key and recover encrypted data.

(For the complete research paper, see arXiv:2202.08477, https://arxiv.org/abs/2202.08477)
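To make the key-recovery idea concrete, here is an added Python example. It is not from the original post and it is not Hive's actual code or file format; it is a simplified model in which each file is XORed with a slice of one master key selected by a per-file offset that the analyst can read back. Every byte of plaintext the analyst knows (a file-format header, or a file for which a clean copy exists elsewhere) yields one keystream byte via plaintext XOR ciphertext, which is one master-key byte at a known position. Enough such files reconstruct most of the key, and any other file whose offset falls in a recovered region can then be decrypted. The key size, offsets and sample files are constructed for the illustration.

```python
import random

KEY_LEN = 4096  # toy master-key size; a real one would be far larger

def rand_bytes(seed: int, n: int) -> bytes:
    """Deterministic pseudo-random bytes so the example is reproducible."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(master_key: bytes, offset: int, n: int) -> bytes:
    """n keystream bytes read from the master key starting at offset, wrapping around."""
    return bytes(master_key[(offset + i) % len(master_key)] for i in range(n))

def encrypt_file(master_key: bytes, offset: int, plaintext: bytes) -> bytes:
    """Toy scheme: XOR the file with a master-key slice chosen by a per-file offset.
    The offset is assumed to be recoverable by the analyst (e.g. stored with the file)."""
    return xor_bytes(plaintext, keystream(master_key, offset, len(plaintext)))

def reconstruct_master_key(samples, key_len: int = KEY_LEN):
    """samples: (offset, known_plaintext_prefix, ciphertext) triples.
    Each known plaintext byte yields one keystream byte, P ^ C, which is a master-key
    byte at a known position. Returns (partial_key, known_mask, conflicts)."""
    key, known, conflicts = bytearray(key_len), bytearray(key_len), 0
    for offset, known_pt, ct in samples:
        for i, b in enumerate(xor_bytes(known_pt, ct[:len(known_pt)])):
            idx = (offset + i) % key_len
            if known[idx] and key[idx] != b:
                conflicts += 1  # a disagreement would mean the model or an offset is wrong
            key[idx], known[idx] = b, 1
    return bytes(key), bytes(known), conflicts

def decrypt_partial(partial_key: bytes, known_mask: bytes, offset: int,
                    ciphertext: bytes, fill: int = ord("?")):
    """Decrypt the bytes whose key position is recovered; the rest become '?'.
    Returns (plaintext, recovered_byte_count)."""
    out, recovered = bytearray(), 0
    for i, c in enumerate(ciphertext):
        idx = (offset + i) % len(partial_key)
        if known_mask[idx]:
            out.append(c ^ partial_key[idx])
            recovered += 1
        else:
            out.append(fill)
    return bytes(out), recovered

def demo() -> dict:
    master = rand_bytes(2021, KEY_LEN)
    # Constructed sample files, not real victim data. a.bin and b.bin are fully known to
    # the analyst (a clean copy exists elsewhere); img.png is known only by its 8-byte
    # signature; s1.txt and s2.txt are the files the analyst wants back.
    full_a, full_b = rand_bytes(1, 3000), rand_bytes(2, 1000)
    png_header = b"\x89PNG\r\n\x1a\n"
    png_file = png_header + rand_bytes(3, 500)
    secret_1 = b"patient-record-0001: ..." * 8       # 192 bytes
    secret_2 = b"board-minutes-confidential" * 8     # 208 bytes
    files = {  # name: (per-file offset chosen by the encryptor, plaintext)
        "a.bin": (100, full_a), "b.bin": (2800, full_b), "img.png": (3900, png_file),
        "s1.txt": (500, secret_1), "s2.txt": (3700, secret_2),
    }
    cts = {name: encrypt_file(master, off, pt) for name, (off, pt) in files.items()}

    samples = [(100, full_a, cts["a.bin"]), (2800, full_b, cts["b.bin"]),
               (3900, png_header, cts["img.png"])]  # a header alone still yields 8 key bytes
    key, known, conflicts = reconstruct_master_key(samples)
    pt1, rec1 = decrypt_partial(key, known, 500, cts["s1.txt"])
    pt2, rec2 = decrypt_partial(key, known, 3700, cts["s2.txt"])
    return {
        "coverage": sum(known) / len(known),          # 3708 of 4096 key bytes recovered
        "conflicts": conflicts,
        "s1_plaintext": pt1, "s1_recovered": rec1,    # lies entirely in a recovered region
        "s2_plaintext": pt2, "s2_recovered": rec2,    # 108 of 208 bytes: key gap at 3800-3899
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v if not isinstance(v, bytes) else v[:48]}")
```

The lesson generalizes beyond this toy: any scheme that XORs files with slices of a fixed master key, or otherwise reuses keystream, leaks key material for every plaintext byte an analyst can guess, and a handful of files with clean copies elsewhere (operating-system binaries, public documents) is often enough to recover most of the key. Conflicting recovered bytes, counted here, are the check that tells you the assumed offsets or model are wrong.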

2. In January 2023, US officials announced encouraging news. The FBI Director stated at a press conference that since July 2022 the FBI had had covert access to Hive's computer networks, which allowed the bureau to hand decryption keys to victims and prevent about $130 million in ransom payments.

“Simply put, using lawful means, we hacked the hackers,”

*1 RaaS: What is Ransomware as a Service (RaaS)? | Definition from WhatIs (techtarget.com)
