“After encrypting victim networks, ransomware threat actors increasingly used ‘triple extortion’ by threatening to (1) publicly release stolen sensitive information, (2) disrupt the victim’s internet access, and/or (3) inform the victim’s partners, shareholders, or suppliers about the incident,” reported the Cybersecurity and Infrastructure Agency (CISA) earlier this year. Conti also stands out for its flexibility when it comes to payment dates. Conti operators would prefer to get at least some payment as opposed to none. Hive, on the other hand, increases its ransom demands if a victim fails to pay by the deadline. Hive’s focus on speed over quality in the encryption process makes it vulnerable to cryptographic mistakes and increases the possibility of recovering the master key. “Like many cybercriminals, Conti and Hive are opportunistic actors who likely seek to compromise victims through the easiest and fastest means possible, which often include exploiting known vulnerabilities. This is a reminder to all organizations to implement a strong patch management system and keep all systems up-to-date,” Talos researcher Kendall McKay stated.

https://thehackernews.com/2022/05/experts-analyze-conti-and-hive.html