Hive and Maui Ransomware Target Healthcare IT.

Top security organizations are warning of increased ransomware activity from the aggressive Hive ransomware group and of Maui malware from North Korea, both of which pose significant security threats to healthcare organizations.

Hive is an exceptionally aggressive, financially motivated ransomware group that is known to maintain sophisticated capabilities and has historically targeted healthcare organizations. The Department of Health and Human Services (HHS) Cybersecurity Program issued an alert to healthcare providers warning them to guard against the “exceptionally aggressive” Hive ransomware group.

Maui: The joint advisory from CISA, the FBI and the Treasury Department warns of North Korean state-sponsored cybercriminals using Maui malware to target hospitals and public health agencies.

“North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services,” the authorities noted.

Use of Hive, a “ransomware as a service” tool, has increased. The Hive group, believed to have begun operations in 2021, “employs a wide variety of tactics, techniques and procedures (TTPs), creating significant challenges for defense and mitigation,” as noted in the HC3 analyst notes from April 2022. The latest iteration of Hive has moved to the Rust programming language. According to the Microsoft Threat Intelligence Center, this gives the latest version multiple advantages: with Rust, Hive has deeper access to low-level resources, faster encryption, and cryptographic libraries. The latest Hive iteration is also more difficult to reverse engineer because it is written in Rust.

“We recommend the 3-2-1 Rule for the most important data: Back this data up in three different locations, on at least two different forms of media, with one of them stored offline,” according to the organization, Health Sector Cybersecurity Coordination Center (HC3).

https://www.healthcareitnews.com/news/feds-warn-north-korean-ransomware-threat-healthcare-organizations

https://www.fiercehealthcare.com/health-tech/feds-warn-exceptionally-aggressive-ransomware-threat

https://www.aha.org/advisory/2022-07-06-federal-agencies-warn-north-korean-maui-ransomware-threat

https://www.cisa.gov/uscert/ncas/alerts/aa22-187a
