
Hive Ransomware Variant That Encrypts Linux And FreeBSD.

According to government experts, Hive operators have compromised tens of organizations, and the discovery of a Linux variant shows that the group is expanding its operations. The group uses a variety of methods to compromise victims’ networks, including phishing emails with malicious attachments to gain initial access and Remote Desktop Protocol (RDP) to move laterally once on the network.

In August, the Federal Bureau of Investigation (FBI) released a flash alert on the Hive ransomware attacks that includes technical details and indicators of compromise associated with the gang’s operations.

Hive ransomware

To facilitate file encryption, the ransomware searches for and terminates processes associated with backups, anti-virus/anti-spyware, and file copying. The Hive ransomware appends the .hive extension to encrypted files’ filenames.

Both variants are written in Golang, but the strings, package names and function names have been obfuscated.

The Linux variant appears to be affected by bugs; the researchers discovered that the encryption process fails when the malware is executed with an explicit path.

Unlike the Windows variant, which has up to five execution options, the new Linux and FreeBSD variants only have one command line parameter (-no-wipe).

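As an added, defender-side illustration (not code from the article or from any Hive analysis), the check below runs over constructed audit events and flags a process that shows the behaviours described above: launching with the -no-wipe parameter, terminating backup or anti-virus processes, and renaming files to the .hive extension. The event format, the process names, and the rename threshold are assumptions for the example.

```python
import re

# Constructed sample audit lines (not real telemetry): ts|pid|event|detail
SAMPLE_EVENTS = """\
1|4101|exec|/tmp/.x/encryptor -no-wipe
2|4101|kill|bacula-fd
3|4101|kill|clamd
4|4101|rename|/srv/share/q3-report.xlsx -> /srv/share/q3-report.xlsx.hive
5|4101|rename|/srv/share/db.sql -> /srv/share/db.sql.hive
6|4101|rename|/srv/share/plan.docx -> /srv/share/plan.docx.hive
7|2200|rename|/home/u/a.txt -> /home/u/a.bak
8|2200|exec|/usr/bin/rsync -a /home /backup
"""

# Categories the article names: backup, anti-virus/anti-spyware, file copying.
# The process names below are assumed examples, not a list from the article.
BACKUP_AV_HINTS = ("bacula", "veeam", "clamd", "clamav", "rsync", "amanda")
RENAME_RE = re.compile(r"^(?P<src>.+?) -> (?P<dst>.+)$")
RENAME_THRESHOLD = 3  # assumed: .hive renames per pid before we call it a burst

def parse_events(text):
    """Split each 'ts|pid|event|detail' line into a dict."""
    events = []
    for line in text.splitlines():
        ts, pid, kind, detail = line.split("|", 3)
        events.append({"ts": int(ts), "pid": int(pid), "kind": kind, "detail": detail})
    return events

def score_hive_indicators(text):
    """Per-pid tally of the three behaviours the article describes."""
    per_pid = {}
    for ev in parse_events(text):
        rec = per_pid.setdefault(ev["pid"], {"no_wipe_flag": False, "killed": [], "hive_renames": 0})
        if ev["kind"] == "exec" and "-no-wipe" in ev["detail"].split():
            rec["no_wipe_flag"] = True
        elif ev["kind"] == "kill" and any(h in ev["detail"].lower() for h in BACKUP_AV_HINTS):
            rec["killed"].append(ev["detail"])
        elif ev["kind"] == "rename":
            m = RENAME_RE.match(ev["detail"])
            if m and m.group("dst").endswith(".hive"):
                rec["hive_renames"] += 1
    for rec in per_pid.values():
        # A rename burst alone is enough; otherwise require the flag plus process kills.
        rec["suspicious"] = rec["hive_renames"] >= RENAME_THRESHOLD or (
            rec["no_wipe_flag"] and bool(rec["killed"]))
    return per_pid

if __name__ == "__main__":
    for pid, rec in score_hive_indicators(SAMPLE_EVENTS).items():
        print(pid, rec)
```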

For more cyber security news in crisp content, please follow our site via Twitter handle @cyberworkx1 and LinkedIn handle @linkedin.
