Victims of Hive ransomware may hope to decrypt their encrypted files: Korean security researchers have succeeded in developing a decryptor for versions 1 to 4 of the Hive ransomware. This was possible because there was a vulnerability in the encryption that could be exploited.
I have already reported on the Hive ransomware group several times here on the blog. In Germany, the attack on Media Markt/Saturn was carried out by this group (see "Media Markt/Saturn: Ransomware attack by hive gang, $240 million US ransom demand"). First discovered in June 2021, Hive is a ransomware-as-a-service used by cybercriminals to attack healthcare facilities, nonprofits, retailers, utilities and other industries worldwide. I traced the anatomy of such an attack in the post "Anatomy of a Hive Ransomware Attack on Exchange via ProxyShell".
According to the above tweet, however, there is now a decoder for the first four versions of the ransomware that can be downloaded from this Korean website (if necessary, use a translator to find the download link for Hive_Ransomware_Integrated_Decryption_Tool.zip).