First seen in June 2021, Hive is a ransomware family which most recently made headlines for attacking commercial real estate software solutions company Altus Group. This threat favors the increasingly common attack technique of double extortion, where data is both locally encrypted and exfiltrated before a ransom demand is made.
If the victim refuses to cooperate with the threat actors, their data is published to Hive’s leak site, titled "Hive Leaks," which at the time of writing is located on the dark web at hxxp[:]//hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd[.]onion/
The currently viewable list of Hive leaks includes seven companies that have refused to cooperate with the threat actors. As this is such a new threat, this number is likely to continue to grow.
The BlackBerry Research & Intelligence Team has analyzed the attack methods used by Hive ransomware, and in addition to recommending basic cyber hygiene steps, the team strongly urges BlackBerry customers to ensure their systems have the BlackBerry® Cyber Suite components listed below enabled with a blocking policy to detect threats that trigger the specific rules listed.
BlackBerry Cyber Suite and BlackBerry Guard Stop These Attacks
BlackBerry customers can feel confident that the AI-driven BlackBerry Cyber Suite, as well as our Managed Detection & Response (MDR) solution BlackBerry® Guard, are both well-equipped to mitigate the risks posed by these threat actors:
- BlackBerry® Protect provides automated malware prevention, application and script control, memory protection, and device policy enforcement.
- BlackBerry® Optics extends the threat prevention by using artificial intelligence to prevent security incidents. It provides true AI incident prevention, root cause analysis, smart threat hunting, and automated detection and response capabilities.
- BlackBerry recommends the following BlackBerry Optics rules be activated to provide additional telemetry from any such attack:
  - Win Create Script File MITRE T1059
  - Win command cmdc MITRE T1059
  - Win CMD Deleting Sensitive Documents MITRE T1070
  - Shadow File Deletion (MITRE)
  - Win Inhibit System Recovery MITRE T1490
- The BlackBerry Mobile Threat Detection solution both detects and prevents advanced malicious threats at the device and application levels. It combines the mobile endpoint manager capabilities of BlackBerry® Unified Endpoint Management with advanced AI-driven threat protection, to get in front of malicious cyberattacks in a Zero Trust environment.
- BlackBerry® Persona creates trust based on behavioral analytics, application usage, and network and process invocation patterns. It uses adaptive risk scoring to provide continuous authentication.
- BlackBerry Guard customers are proactively protected from Hive ransomware attacks. Our 24/7 MDR solution customers also receive:
  - Alerts monitored in real-time
  - Corrective policies applied while discovering gaps in policy implementation
  - Prioritized threat hunting
  - The latest threat intelligence for fast-moving threats
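To show what the Optics rules listed above are looking for, here is an added example (not BlackBerry's code, and not how Optics itself is implemented) of a small rule matcher run over constructed endpoint telemetry. The rule names and MITRE technique IDs are the ones on this page; the event format, the regular expressions, and the mapping of "Shadow File Deletion" to T1490 are assumptions made for the example.

```python
import re

# Each rule: (rule name as listed on the page, MITRE technique, event type it applies to,
# regex tested against the event's 'detail' field). Patterns are illustrative assumptions.
RULES = [
    # A script file (.bat/.cmd/.ps1/.vbs/.js) written to disk -- "Win Create Script File", T1059.
    ("Win Create Script File", "T1059", "file",
     re.compile(r"\.(bat|cmd|ps1|vbs|js)$", re.I)),
    # cmd.exe launched with /c -- "Win command cmdc", T1059.
    ("Win command cmdc", "T1059", "process",
     re.compile(r"\bcmd(\.exe)?\s+/c\b", re.I)),
    # Volume shadow copies removed via vssadmin or wmic -- "Shadow File Deletion";
    # the page gives no ID for this rule, so T1490 is assumed here.
    ("Shadow File Deletion", "T1490", "process",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b|\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    # Windows recovery disabled or backup catalog removed -- "Win Inhibit System Recovery", T1490.
    ("Win Inhibit System Recovery", "T1490", "process",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b|\bwbadmin(\.exe)?\s+delete\s+catalog\b", re.I)),
]


def match_event(event):
    """Return [(rule name, technique), ...] for one event dict with keys 'type' and 'detail'."""
    hits = []
    for name, technique, etype, pattern in RULES:
        if event["type"] == etype and pattern.search(event["detail"]):
            hits.append((name, technique))
    return hits


def summarize(events):
    """Count rule hits per MITRE technique across a list of events."""
    counts = {}
    for event in events:
        for _, technique in match_event(event):
            counts[technique] = counts.get(technique, 0) + 1
    return counts


# Constructed sample telemetry for the example; not taken from a real incident.
SAMPLE_EVENTS = [
    {"type": "process", "detail": "cmd.exe /c vssadmin.exe delete shadows /all /quiet"},
    {"type": "process", "detail": "bcdedit.exe /set {default} recoveryenabled No"},
    {"type": "file", "detail": "C:\\Users\\Public\\stage.bat"},
    {"type": "process", "detail": "notepad.exe C:\\Users\\alice\\notes.txt"},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event["detail"], "->", match_event(event) or "no match")
    print(summarize(SAMPLE_EVENTS))
```

The first sample line trips two rules at once (the cmd /c wrapper and the shadow-copy deletion), which is the kind of overlap that makes the T1490 rules worth running in blocking mode: shadow-copy and recovery tampering has little legitimate use on a workstation, and it normally precedes encryption rather than following it.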
Prevention First
At BlackBerry, we take a prevention-first and AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill chain.
By stopping malware at this stage, BlackBerry solutions help organizations increase their resilience. It also helps reduce infrastructure complexity and streamline security management to ensure business, people, and endpoints stay secure.
BlackBerry Assistance
The BlackBerry Incident Response team can work with organizations of any size and across any vertical, to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure.
For emergency assistance, please email us at DLIR@blackberry.com, or use our handraiser form.
Learn more about the latest cybersecurity threats and threat actors in the BlackBerry 2021 Annual Threat Report.