Hive Ransomware Description
Type: Ransomware
The Hive Ransomware is a new player in the ransomware gang landscape. This threat actor emerged on the scene after successfully breaching the internal network of Altus Group, a commercial real estate software solutions company. The hackers were able to collect company information and initiate encryption routines on compromised systems.
Altus reported the incident in a press release published on June 14, 2021. Initially, the company didn't include information about the data theft, and in subsequent updates it mentioned that it had found 'no evidence of impact.' Unfortunately, as it turned out, this was not the case. The Hive Ransomware group created a dedicated leak website named HiveLeaks and hosted it on the Darknet. The site included a single breached entity - Altus Group.
The Hive Ransomware group provided a sample of the files it had managed to exfiltrate and described the data as encrypted, giving the first signs that the breach was financially motivated and employed a ransomware payload. The archive released on the threat actor's site was password protected, but the names and files included in it were easily inspected. The collected information contains business data, Argus certificates, sensitive documents and multiple development files.
Just a couple of days after the emergence of the HiveLeaks page, Altus published a new update acknowledging the ransomware nature of the breach. The company also announced that, after consulting with cybersecurity specialists and experts, it had decided to cooperate with the threat actors. In practice, this most likely means that the hackers were paid an undisclosed amount as a ransom.