Hive extortion group targeting Microsoft Exchange servers

The Hive extortion group is actively targeting unpatched Microsoft Exchange Servers and using them to deploy ransomware. 

In this campaign, Hive is taking advantage of ProxyShell, a collection of Exchange Server vulnerabilities. Although patches for these vulnerabilities were made available last year, unpatched systems remain at significant risk.

Hive has been one of the more prominent ransomware operators recently, prompting FBI alerts. Their malware is written in Golang, and the group uses multi-extortion techniques to "encourage" victims to pay the ransom — under threat of having their sensitive data leaked online.

The Active Protection included in Acronis Cyber Protect effectively detects and blocks ransomware threats like Hive, while the backup and recovery capabilities ensure that — should disaster strike — your data is preserved and business continuity interruptions are minimized.