SpearTip | June 28th, 2021

Hive Ransomware

After a June 14 breach, Altus Group’s files have just been leaked on the leak site of the new Hive ransomware group. At the time of the breach, email communications were taken offline, but Altus Group did not say whether any information had been taken. Altus Group is a commercial real estate software solutions company.

Our engineers were able to retrieve the following information from the group’s leak site.

Titled HiveLeaks, the site hosts no other collection of leaked files, which leads us to believe this group is brand new. In the graphic, the Hive operators state when they encrypted the files; three days passed between the encryption and the publication of the Altus files. During that window the Hive group was likely negotiating and setting deadlines for payment and decryption of the data.

At the time of writing, Altus has not confirmed whether the leaked data is legitimate. However, SpearTip’s engineers were able to uncover more file names within the batch of posted data.

Some file names have been redacted for privacy.

The zip file contained in the data dump is password protected, but the file names and file types can still be viewed. Below is another example of the types of information the Hive operators obtained in the breach.
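The metadata exposure described above, as an added example that is not SpearTip's code: ZipCrypto and AES-protected ZIP archives encrypt only the entry data, so the central directory (names, extensions, sizes, timestamps and the encrypted flag) stays readable to anyone who downloads the dump. The archive below is constructed inline, with placeholder bytes standing in for the protected data; the entry names are invented.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x0001  # general-purpose bit 0: entry data is password protected
STORED = 0               # compression method 0 keeps the size relationship obvious

def build_protected_zip(entries):
    """Hand-assemble a ZIP whose entries carry the encrypted flag.

    entries: list of (name, plaintext_size). The file data is a placeholder
    (12-byte ZipCrypto header plus zeroed bytes) because only the layout
    matters here; the headers are exactly what a real password-protected
    archive also leaves in the clear."""
    local, central, offset = b"", b"", 0
    for name, size in entries:
        n, blob = name.encode(), b"\x00" * (size + 12)   # 12 = ZipCrypto header
        hdr = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, ENCRYPTED_FLAG, STORED,
                          0, 0x21, 0, len(blob), size, len(n), 0)
        local += hdr + n + blob
        central += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, ENCRYPTED_FLAG,
                               STORED, 0, 0x21, 0, len(blob), size, len(n),
                               0, 0, 0, 0, 0, offset) + n
        offset += len(hdr) + len(n) + len(blob)
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(entries), len(entries),
                       len(central), len(local), 0)
    return local + central + eocd

def inventory(zip_bytes):
    """What an analyst can read without the password: the central directory.
    Returns (name, extension, uncompressed size, encrypted?) per entry."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [(zi.filename, zi.filename.rsplit(".", 1)[-1], zi.file_size,
                 bool(zi.flag_bits & ENCRYPTED_FLAG)) for zi in zf.infolist()]

def contents_readable(zip_bytes, name):
    """True only if the entry's data can be opened without a password."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        try:
            zf.read(name)
            return True
        except RuntimeError:   # zipfile: "File ... is encrypted, password required"
            return False

# Constructed sample: names and sizes are invented, not from the leak.
SAMPLE = build_protected_zip([("contracts/lease_2021.xlsx", 48210),
                              ("finance/q2_forecast.pdf", 912377)])

if __name__ == "__main__":
    for name, ext, size, enc in inventory(SAMPLE):
        print(f"{name:32s} .{ext:5s} {size:>8d} bytes  encrypted={enc}")
    print("contents readable:", contents_readable(SAMPLE, "contracts/lease_2021.xlsx"))
```

For breach-impact assessment, the listing alone is enough to establish which documents were taken, even when the contents stay sealed.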

Hive ransomware is another addition to a threat landscape that continues to evolve and adapt. Our engineers work constantly to get ahead of the newest threats by continuously learning about them. We understand that new threats appear daily, and the only way to combat them is by improving our cyber intelligence and understanding their tactics and procedures.

It isn’t too surprising to see more groups spawning as some bigger groups have recently retired or been disrupted by global law enforcement pressure. Regardless, being aware of the imminent threat these groups can pose to your business is crucial. Develop an incident response plan and bring in a team of experienced cyber experts to continuously watch over your networks 24/7.

SpearTip’s cyber experts continuously monitor environments 24/7 from our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This gives your organization direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you think your organization has been breached, call our Security Operations Center at 833.997.7327.