CISA, FBI and HHS Cyber Advisory – #StopRansomware: Hive Ransomware

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of the Health and Human Services (HHS) released a joint Cybersecurity Advisory (CSA) with technical details associated with Hive ransomware variants identified through FBI investigations as recently as November 2022.

From June 2021 through at least November 2022, threat actors have used Hive ransomware, which follows the Ransomware-as-a-Service (RaaS) model, to target a wide range of businesses and critical infrastructure sectors, including government facilities, communications, manufacturing, information technology, and especially organizations in the Healthcare and Public Health (HPH) sector.

The method of initial intrusion depends upon the Hive RaaS affiliate that targets the network, which include using compromised credentials in Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other remote network connection protocols in which multifactor authentication (MFA) is not enabled.

Actions that organizations can take today to mitigate cyber threat to ransomware include, prioritize remediating known exploited vulnerabilities, enable and enforce multi-factor authentication with strong passwords, and close unused ports and remove any application not deemed necessary for day-to-day operations.

CISA, FBI and HHS urge all organizations, particularly those in the HPH sector, to apply the recommended mitigations in this CSA to reduce the likelihood of compromise from Hive and other ransomware operations. Victims of ransomware should report the incident to their local FBI field office or CISA.

This joint CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

Your support to amplify this CSA through your communications and social media channels is appreciated. And as always, thank you for your continued collaboration.

Steve Lyddon
Protective Security Advisor, Region 5, Illinois
Cybersecurity and Infrastructure Security Agency
U.S. Department of Homeland Security
Cell:  217-299-3954 |