Hive ransomware is relatively new but has become one of the most prevalent ransomware payloads in the ransomware-as-a-service (RaaS) ecosystem. The latest variant carries several major upgrades, and notable changes include a complete code migration to another programming language and a more complex encryption method. 

The main difference between the new Hive variant and the older ones is the programming language. Older variants were written in Go (Golang), while the new one is written in Rust. The switch gives Hive several advantages that Rust offers over other programming languages, including:

  • Deep control over low-level resources
  • User-friendly syntax
  • Good variety of cryptographic libraries
  • More difficult to reverse-engineer
  • Memory, data type, and thread safety
  • Several mechanisms for concurrency and parallelism enable fast and safe file encryption

Ransomware is Constantly Evolving

Similar to most modern ransomware, Hive accepts command-line parameters that give attackers flexibility when running the payload by adding or removing functionality. This means an attacker can choose whether to encrypt files on remote shares or only local files, or set the minimum file size for encryption. As sophisticated malware, Hive will stop services and processes associated with security solutions and other tools that could disrupt its attack chain, and it runs processes that delete backups and prevent recovery.
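The two behaviours just described, stopping protective services and destroying backups, leave traces in process-creation telemetry that defenders can watch for. The following is an added example, not code from the original post or from any Hive analysis: a small detector that scans constructed process-creation records for well-known recovery-inhibition and service-stop command lines and then correlates hits per host, since several distinct techniques on one machine in a short window is a stronger signal than any single command. The log format and sample events are invented for the example, and the rule patterns are generic assumptions about what to monitor (they are not Hive-specific indicators from the post).

```python
"""Added example: detect backup-destruction and service-stop commands in
constructed process-creation records. Not code from the original post."""
import re
from dataclasses import dataclass

@dataclass
class Finding:
    line_no: int
    host: str
    rule: str
    command: str

# Rule name -> regex over the full command line (case-insensitive).
# These are assumptions about generic recovery-inhibition and defence-
# impairment patterns (MITRE ATT&CK T1490 / T1489), not indicators
# taken from the post.
RULES = {
    "shadow_copy_deletion": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows", re.I),
    "wmic_shadow_deletion": re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "backup_catalog_deletion": re.compile(r"\bwbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I),
    "recovery_disabled": re.compile(r"\bbcdedit(\.exe)?.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I),
    "service_stop": re.compile(r"\b(net1?(\.exe)?\s+stop|sc(\.exe)?\s+(stop|config)|taskkill(\.exe)?)\s+", re.I),
}

def parse_event(line: str):
    """Parse one constructed 'timestamp|host|user|command' record; None if malformed."""
    parts = line.split("|", 3)
    if len(parts) != 4:
        return None
    return {"ts": parts[0], "host": parts[1], "user": parts[2], "cmd": parts[3]}

def scan(lines):
    """Return one Finding per (event, matching rule), in input order."""
    findings = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        if ev is None:
            continue  # malformed records are skipped, not treated as hits
        for rule, rx in RULES.items():
            if rx.search(ev["cmd"]):
                findings.append(Finding(n, ev["host"], rule, ev["cmd"]))
    return findings

def correlate_by_host(findings):
    """Hosts where two or more distinct rules fired -> number of distinct rules."""
    seen = {}
    for f in findings:
        seen.setdefault(f.host, set()).add(f.rule)
    return {host: len(rules) for host, rules in seen.items() if len(rules) >= 2}

# Constructed sample telemetry (hosts, users and timestamps are made up).
SAMPLE_EVENTS = [
    "2024-01-01T10:00:00Z|ws01|alice|C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet",
    "2024-01-01T10:00:02Z|ws01|alice|cmd.exe /c net stop VSS",
    "2024-01-01T10:00:05Z|ws02|bob|C:\\Program Files\\Git\\bin\\git.exe pull",
    "2024-01-01T10:00:07Z|ws01|alice|wbadmin delete catalog -quiet",
    "2024-01-01T10:00:09Z|ws01|alice|bcdedit /set {default} recoveryenabled No",
    "2024-01-01T10:00:11Z|ws03|svc|notepad.exe report.txt",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for f in hits:
        print(f"line {f.line_no} host={f.host} rule={f.rule}: {f.command}")
    print("hosts with multiple techniques:", correlate_by_host(hits))
```

In practice the same rules would be expressed in your EDR or SIEM query language and fed by Sysmon Event ID 1 or Windows Security 4688 events; the per-host correlation is the part worth keeping, because a single `net stop` is routine administration while shadow-copy deletion, catalog deletion and recovery changes together on one host within seconds is the pattern the post describes.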

Security Against the New Hive Variant

The new Hive variant is highly problematic and concerning, but there are actions customers can take to mitigate the techniques it uses, and adopting certain security practices will help tremendously in this regard. The first step is to use the included IOCs to investigate whether they exist in your environment and assess for potential intrusion. Additional steps must be taken, including building credential hygiene, auditing credential exposure, prioritizing deployment of Active Directory updates, and enforcing MFA on all accounts. Remove all users excluded from MFA and strictly require MFA from all devices at all times in all locations. Cloud hardening is also effective here: you can implement the Azure Security Benchmark while addressing gaps in authentication coverage and following general best practices for securing identity infrastructure.

This information may seem overwhelming, and ransomware continues to become more sophisticated, which is why it is necessary to have the proper practices and protection plans in place. Here at Point 2 Point Disaster Recovery Inc, we understand the severity of this matter and offer Azure backup servers, automatic data backup, and server cloud backup services. We are one of the most reliable cloud backup providers, and you can contact our team anytime at (514) 824-0213 for more information!