FBI warns that Hive ransomware hackers are calling victims by phone

Share

Written by

Americans already trying to avoid calls from telemarketers, call support scammers and long-winded in-laws now have another reason to ignore that ringing phone: ransomware hackers.

Scammers affiliated with a digital extortion outfit known as Hive are using phone calls to dial victims who are infected with a malicious software strain that locks up their files until they agree to pay a hostage fee, according to an August 25 FBI alert. Investigators first observed hackers deploying the malware in June, with attackers leveraging Microsoft’s Remote Desktop Protocol to infect business networks.

In some cases, if victims don’t pay the demanded fee within two to six days, they have reported receiving phone calls from the hacking group. It’s the latest iteration of a personal tactic pioneered by other gangs — Maze, Conti and Ryuk, for instance — in which malware operators are thought to outsource tasks to a call center. Security firms Emsisoft and Coveware reported earlier this year that attackers with non-English accents were phoning more ransomware victims.

In this case, if victims refuse to pay the ransom, hackers threaten to leak stolen files on “HiveLeaks,” a dark-web site. Victims listed on the site include companies in a range of industries, from financial services to manufacturing, with listed revenues between $2 million and more than $100 million.

The phone tactic dates back to at least 2017, according to a U.K. government alert that warns schools about phone calls from scammers posing as teachers and government employees.

While this latest FBI alert does not describe the language that Hive-affiliated hackers use in their phone calls, the gang does appear to be the latest instance of an affiliate extortion program.

The affiliate business model typically involves hackers renting access to a malware tool, working with other specialists and then splitting the profits. Call centers, either for so-called customer support or payment harassment, often function as part of that scheme, with a single call center operating on behalf of multiple gangs.

-In this Story-

Federal Bureau of Investigation (FBI), Hive ransomware, ransomware
TwitterFacebookLinkedInRedditGmail