Joint Cybersecurity Advisory – #StopRansomware: Hive

Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released joint Cybersecurity Advisory (CSA) #StopRansomware: Hive Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Hive ransomware variants. FBI investigations identified these TTPs and IOCs as recently as November 2022.

Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and—especially—Healthcare and Public Health (HPH).

Three of the most impactful actions organizations can take today to mitigate impacts from Ransomware are:

• Prioritize remediating known exploited vulnerabilities.
• Enable and enforce multifactor authentication with strong passwords
• Close unused ports and remove any application not deemed necessary for day-to-day operations.

CISA encourages network defenders to review the CSA and to apply the included mitigations. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response. Access the full Activity Alert at CISA.