Wednesday, December 6, 2023

The identity of the cybercriminals who attacked Artear was revealed: Hive, a group that attacks companies and hospitals

After the cyberattack suffered on June 1 by Artear, the company that owns Channel 13, TN and other television channels of Grupo Clarín, it became known who managed to access the systems. It is Hive, a gang of cybercriminals that operates with ransomware, a program that encrypts third-party files in order to demand money in exchange for their recovery.

On Thursday morning Hive published the entry confirming the computer attack. There the gang uploaded a post in which they give information about Artear.

Along with this information there are two links to download data from a user who, as Clarín learned, has not worked at the company for a year and a half. There is also a second download address, which at the moment gives an error. The post also shows the date of the encryption: June 1 of this year, at 9:34 in the morning.

Hive is a gang of cybercriminals that extorts its victims for ransom money. Their last major attack was on the Costa Rican public health system at the end of May this year. Microsoft also fell prey to Hive, when Microsoft Exchange servers were compromised on April 20, 2022.

The note that Hive published on the dark web. Photo: Hive

“The Hive ransomware group is one of the most resonant in recent times. Using a RaaS (Ransomware as a Service) model and a vast network of affiliates, they manage to breach a large number of industries throughout the world in a short time. Some researchers point out that they manage to attack on average three big companies every month,” Mauro Eldritch, cybersecurity architect and consultant, explained to Clarín.

“Among its victims, in addition to Artear, are one of the most popular Colombian TV stations (Caracol TV); airlines like Travira Air; oil companies such as GuardFuel; industrial firms such as XEIAD, Soucy or ChemStation; and even a Brazilian firm that provides cybersecurity services, G&P,” he added.

Also, they do not respect an implicit rule that other cybercriminals do follow: do not affect essential services. “They have also targeted health providers like Goodman Campbell, Missouri Delta Medical Center and Memorial Health System, leading to cancellations of surgeries and procedures in at least three hospitals,” he explains.

Since the attack was made public on June 1, some employees of various Artear companies, such as TN, have reported problems doing their work. The difficulties were recorded, above all, within the newsrooms, that is, when working locally.

This was because the company restricted certain access ports to contain the attack, which slowed down the equipment and made daily work very complicated.

The company gave assurances that this did not affect the on-air output of its channels, which were able to continue with their usual schedules and routines.

For now, the figure that the cybercriminals asked for has not been disclosed.

What is ransomware

Ransomware is a type of program that encrypts information to extort money from users. Its name is an acronym for “data rescue program”: ransom is the English word for a payment demanded in exchange for a release, and ware is a shortening of the well-known word software; in other words, a data hijacking program. Ransomware is a subtype of malware, an acronym for “malicious software.”

Now, this type of program acts by restricting access to parts of our personal information, or all of it. And in general, hackers exploit this to ask for something in return: money.

While some simple ransomware can lock down the system in a simple way, the most advanced ransomware uses a technique called “cryptoviral” extortion, in which the victim’s files are encrypted, making them completely inaccessible.

In recent years, this form of extortion has become highly popular among cybercriminals, putting business giants such as Nvidia, Samsung, Capcom, Microsoft and Apple in trouble worldwide.

At the local level, Mercado Libre, Globant and even Ingenio Ledesma fell prey to this type of extortion.

The Argentine State was not immune either: in 2020 cybercriminals from a gang called Netwalker published sensitive data from Argentina's immigration agency, Migraciones.

And in January of this year, the Senate of the Nation suffered a huge leak of private data.

