A vulnerability has been identified in the encryption algorithm used by the Hive ransomware that could allow encrypted data to be decrypted. Hive ransomware operations have been active since June 2021 and follow the Ransomware-as-a-Service (RaaS) model. Hive operators extort their targets by threatening to publish the stolen data on their leak site (HiveLeaks).
The vulnerability found in the encryption algorithm used by the Hive ransomware allows data to be decrypted without knowing the private key the group uses to encrypt files. Exploiting this weakness, 95% of the keys that Hive operators use to derive the file encryption key were recovered, and the encrypted files were decrypted.
In April 2021, the FBI released a report containing technical details of Hive ransomware operations. According to another report published by the blockchain analytics platform Chainalysis, Hive was among the ten highest-grossing ransomware families of 2021. Hive operators use various initial access methods, including malicious spam campaigns, exposed and vulnerable RDP servers, and compromised VPN credentials. To reduce exposure to ransomware attacks, it is recommended to avoid interacting with e-mails and links from unknown senders, use reliable security solutions, restrict RDP access, and download files or applications only over known and trusted connections and from trusted sources.