OVERVIEW

▪ The Hive Ransomware was first seen in 2021. It relies on diverse set of tactics, techniques and procedures (TTP) which make it difficult for any organizations to defend against its attacks.

▪ Hive Ransomware uses phishing emails including malicious attachments to gain initial access and then taking control of Remote Desktop Protocol (RDP) to move laterally.

▪ After compromising the network, it looks for and terminates all the process related to backups, anti-virus, and copying of files to increase the chance of success.

▪ After encryption the file ends with .hive extension.

▪ The attacker leaves a ransom note in each affected directory inside the system which includes all the instruction related how to pay for the decryption software.

▪ The ransom note which threaten to leak the victim data on tor website “HiveLeaks”.