The Korea Internet and Security Agency (KISA) has released a free decryptor for Hive ransomware versions 1 through 4. The Hive ransomware operation is offered as a Ransomware-as-a-Service (RaaS) model and has adopted a double-extortion method threatening to post victim data to their website if the ransom is not paid. The decryptor first became possible after a research team at Kookmin University (South Korea) discovered a flaw in the encryption algorithm used by Hive. The flaw allowed them to decrypt data without knowing the private key used by the ransomware gang. The agency released the decryptor as an executable with a step-by-step guide.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased