Decryptor for Hive ransomware v1 till v4 released

Sicherheit (Pexels, allgemeine Nutzung)[German]Victims of Hive ransomware may hope to decrypt their encrypted files. This is because Korean security researchers have succeeded in developing a decryptor for versions 1 to 4 of this Hive ransomware. This was possible because there was a vulnerability in the encryption that could be exploited.


I have already reported on the Hive Ransomware group several times here on the blog. In Germany, the attack on Media Markt/Saturn was carried out by this group (Media Markt/Saturn: Ransomware attack by hive gang, $240 million US ransom demand). First discovered in June 2021, Hive is a ransomware-as-a-service used by cybercriminals to attack healthcare facilities, nonprofits, retailers, utilities and other industries worldwide. I traced the anatomy of such an attack in the post Anatomy of a Hive Ransomware Attack on Exchange via ProxyShell.

Hive Ransomware Decoder

According to the above tweet, however, there is now a decoder for the first four versions of the ransomware that can be downloaded from this Korean website (if necessary, use a translator to find the download link for

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *