After the takedown of the Hive ransomware infrastructure in January 2023, the FBI revealed a rather disturbing truth: only 20% of Hive victims in the US reported suffering a ransomware attack. The finding raises questions about the security protocols adopted by the other nearly 80% of Hive ransomware victims.
The FBI and other federal departments and agencies have been urging the victims of ransomware to report the incident. This is not just to prevent further damage but also to know how to avoid future risks.
However, the FBI findings about Hive ransomware victims may point toward underlying problems, rooted in the mindset of victim organizations, that need to be addressed.
20% of Hive Victims in the US Reported Ransomware Attack
The FBI reiterated that when a victim reports a cyber incident, the agency can share actionable information with the victim to help mitigate future attacks.
“Ransomware victims’ reluctance to report cyberattacks could be due to fear of legal consequences, reputation concerns, or uncertainty about the effectiveness of law enforcement’s response,” Alon Gal, Chief Technology Officer at cybercrime firm Hudson Rock, told The Cyber Express.
Alon elaborated further on the reasons why organizations stay quiet. He said, “Being reported as a ransomware victim can put a strain on the reputation of a firm. Such incidents may be perceived as a sign of vulnerability in cybersecurity measures, potentially harming customer trust and investor confidence.”
However, ransomware attacks pose several threats that could be mitigated by responsibly reporting them to law enforcement in order to obtain a holistic report of the incident and other helpful resources for future prevention.
While 20% of Hive victims found the solutions, the remaining 80% likely paid the ransom, incurred financial losses, and yet likely had their names listed on the dark web.
Ransomware groups list almost all of their victims on their dark web sites to show the count of their cyberattacks.
Fate of Ransomware Attack Victims
The fate of the victims remains unclear, as their data may or may not be erased after a ransom is paid. In an age where ransomware attacks have doubled on a year-on-year basis, it is imperative that organizations address the concerns affecting their data and face their customers in the right way.
According to Cyble's ransomware report for Q3 2023, attackers publicly disclosed 1,084 ransomware victims, with the United States being the most targeted nation.
Ransomware attacks on the healthcare sector increased by 23%, leading to concerns about its security and the disruption of healthcare services.
Although healthcare personnel are well-equipped and prepared to work under tense situations, a ransomware attack impacts services that rely on digital infrastructure.
Screenshot of the alert posted by WMCHealth
The WMCHealth cyberattack forced the healthcare provider to divert ambulances to other facilities, putting emergency patients' health and lives in danger.
Hive Takedown and Springing Up in Action
Hive portal after takedown (Photo: National Crime Agency)
Although Hive ransomware was taken down in a covert international operation spanning months earlier this year, recent reports shed light on its affiliates getting back into action.
Hive, which targeted over 1,500 organizations in over 80 countries within a year, had its computer network penetrated and decryption keys captured during the takedown.
Hunters International’s portal (Photo: Dominic Alvieri/ X)
Cybersecurity researchers have been posting about Hunters International, which, according to some, is being run by Hive members.
Data samples allegedly from Beverly Hills plastic surgeon (Photo: Brett Callow/ X)
The Hunters International ransomware and data extortion group posted breast surgery patient photos as evidence to prove the legitimacy of its cyberattack claim, cybersecurity analyst Dominic Alvieri shared in a recent tweet.
“#HuntersInternational – which is likely the #ransomware operation formerly known as #Hive – has listed a Beverly Hills plastic surgeon, releasing photos which are claimed to be of patients,” tweeted threat analyst Brett Callow about the same incident.
The 80% Hive Victims, Ransomware Groups, Police Takedowns and Global Association
While the fate of the data and reputation of the remaining 80% of the US Hive victims remains unclear, those who did report cybercrimes joined the others who deemed it appropriate to take the longer route to mitigate further risks.
Global Ransomware Association (Photo: Dominic Alvieri/ X)
Ransomware groups have been busy working on the effectiveness of their malware. Added to that is the update that they are planning to launch a Global Ransomware Association (GRA) at globalransomware[.]org.
Dominic tweeted about the Global Ransomware Association news this month, which further highlights the threat the world is facing today in the name of ransomware.