One of the most dangerous ransomware kits around might have just gotten a rebrand
Is Hive back? A new threat actor denies the connection
There is a good chance that one of the world’s most dangerous ransomware operators, Hive, has just been rebranded.
Earlier this month, security researchers spotted a new player in the ransomware game called Hunters International. The group focuses less on encrypting its victims’ endpoints than on data theft, and so far it has compromised only one known victim, a UK school.
However, the group’s encryptor is strikingly similar to Hive’s. Researchers said more than 60% of its code overlaps with the Hive ransomware, and some went so far as to pinpoint the exact version that was rebranded: Hive version 6.
Dismantled by the FBI
Hunters International, though, is having none of it. The group claims to have bought not just the encryptor source code but also the website and the older Golang and C versions. It also claims Hive’s encryptor shipped with a few bugs, which it says it has fixed.
If both groups were active at the same time, that would settle whether they are the same or different operators. As things stand, that most likely won’t happen, because Hive’s operations were terminated after its Tor payment and data leak sites were seized by law enforcement early this year.
According to BleepingComputer, Hive had some 250 affiliates, and the FBI was able to infiltrate the operation and keep a low profile for half a year, gathering intelligence and mapping out the group. Before the seizure, Hive had breached more than 1,300 companies and extorted more than $100 million from its victims.
The FBI’s work resulted in decryption keys being handed out to more than 1,300 victims.
To avoid drawing the attention of law enforcement, most ransomware groups these days refrain from attacking critical infrastructure, state organizations, or healthcare institutions.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.