The Korea Internet and Security Agency (KISA) has released a free decryptor for Hive ransomware versions 1 through 4. The Hive ransomware operation is offered as a Ransomware-as-a-Service (RaaS) model and has adopted a double-extortion method threatening to post victim data to their website if the ransom is not paid. The decryptor first became possible after a research team at Kookmin University (South Korea) discovered a flaw in the encryption algorithm used by Hive. The flaw allowed them to decrypt data without knowing the private key used by the ransomware gang. The agency released the decryptor as an executable with a step-by-step guide.
Victims of Hive ransomware should investigate potentially using this decryptor to retrieve locked files. Now that the decryptor and associated research has been made public, it is likely that the threat group will adjust their ransomware and protect against the decryptor if they have not done so already. Organizations should follow security best practices to ensure they are protected from ransomware.