HiveLeak

Hive ransomware was initially discovered in June 2021. It specifically targets Linux servers, provides faulty decryption tools to victims who pay the ransom, and uses double extortion techniques against victims. Hive relies on common initial compromise methods, including vulnerable RDP servers, compromised VPN credentials, and phishing emails with malicious attachments. During the encryption process, affected files are renamed following a common pattern: the original filename, a random character string, and the ‘.hive’ extension. Once encryption is complete, ransom notes named “HOW_TO_DECRYPT.txt” are dropped into compromised folders. The .txt file warns victims against shutting down or rebooting connected computers, saying that doing so leads to permanent data loss. For victims who refuse to meet its demands, the group runs a hidden service (darknet) website called HiveLeaks, which displays entries including stolen data.
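The two on-disk artifacts described above (the ‘.hive’ extension and the “HOW_TO_DECRYPT.txt” note) can be correlated per folder when triaging a collected file listing. The following is an added example, not BreachQuest code: the function names and the sample paths are constructed, and because the page does not give the exact separator between the filename and the random string, only the trailing extension is matched.

```python
from collections import defaultdict
from pathlib import PurePosixPath, PureWindowsPath

NOTE_NAME = "how_to_decrypt.txt"  # ransom note name given on the page
ENC_SUFFIX = ".hive"              # extension given on the page

# Constructed sample listing; the renamed-file layout is an assumption.
SAMPLE = [
    "/srv/share/finance/q3.xlsx.Kx9fQ2.hive",
    "/srv/share/finance/payroll.csv.Zt81La.hive",
    "/srv/share/finance/HOW_TO_DECRYPT.txt",
    "/srv/share/finance/notes.md",
    "C:\\Backups\\registry\\SYSTEM.hive",
    "/home/app/readme.txt",
]

def split_path(path):
    """Return (folder, filename) for a Windows or POSIX style path."""
    p = PureWindowsPath(path) if "\\" in path else PurePosixPath(path)
    return str(p.parent), p.name

def triage(paths):
    """Grade each folder: 'high' when the note and renamed files coexist,
    'review' when only one indicator is present (possible false positive)."""
    stats = defaultdict(lambda: {"note": False, "encrypted": 0, "other": 0})
    for path in paths:
        folder, name = split_path(path)
        lower = name.lower()
        if lower == NOTE_NAME:
            stats[folder]["note"] = True
        elif lower.endswith(ENC_SUFFIX) and len(lower) > len(ENC_SUFFIX):
            stats[folder]["encrypted"] += 1
        else:
            # Files without the extension help scope how far encryption got.
            stats[folder]["other"] += 1
    findings = {}
    for folder, s in stats.items():
        if s["note"] and s["encrypted"]:
            findings[folder] = ("high", s["encrypted"], s["other"])
        elif s["note"] or s["encrypted"]:
            findings[folder] = ("review", s["encrypted"], s["other"])
    return findings

if __name__ == "__main__":
    for folder, (grade, enc, other) in sorted(triage(SAMPLE).items()):
        print(f"{grade:6} {folder}  renamed={enc} untouched={other}")
```

A folder graded "review" with no note, such as a backup directory that legitimately stores files ending in ‘.hive’, needs a manual look before it is counted as affected.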
