View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
July 14, 2022updated 16 Aug 2022 1:35pm

Apetito, Exela and G4S among seven alleged victims of ransomware gang Hive

Seven companies from around the world have apparently been breached by the prolific cybercriminals.

By Claudia Glover

Frozen food manufacturer Apetito and automation specialist Exela are among seven new alleged victims of ransomware gang Hive. The group posted details of what it says are its latest breaches on its dark web blog last night.

Hive ransomware victims
Apetito, which provides ready meals to UK healthcare providers and schools, fell victim to a cyberattack last month. Hive has claimed responsibility. (Photo by NORRIE3699/iStock)

Hive also lists IT consultancy AdaptIT, Spanish television channel RTVCM, multinational construction company Sando, security business G4S Australia and US marketing firm Authentic Brands Group among the companies it claims to have breached.

Apetito confirmed it had been the victim of a “sophisticated, criminal cyberattack” at the end of June. “We currently have no access to our IT-supported systems because our servers have been attacked,” the company said at the time. The incident led to a week of delivery disruption for the company’s UK-based subsidiary, Wiltshire Farm Foods, which provides ready meals to schools, hospitals and care homes.

None of the other alleged victims have publicly reported cyberattacks in recent months. Nasdaq-listed Exela provides automation services to more than 4,000 customers globally, including banks and US federal departments, and reported revenue of $1.2bn. Hive says it encrypted its data on June 20.

A ransomware attack on its systems could lead to a supply chain breach similar to last year’s attack on the Kaseya Group, which saw 1,500 of the IT service provider’s customers hacked after its systems were breached.

Exela is listed as a victim on the Hive blog. (Photo by Searchlight Security)

Hive does not provide further details of whether ransoms have been paid by any of its alleged victims.

Hive ransomware group growing in prominence

As reported by Tech Monitor earlier this week, Hive has been particularly active in recent months, with many of its victims coming from the healthcare sector.

Content from our partners
How the retail sector can take firm steps to counter cyberattacks
How to combat the rise in cyberattacks
Why email is still the number one threat vector

Hive has also switched programming languages recently, coding its malware in Rust to try and make it harder to detect. Analysts believe this could indicate Hive has taken on members of Conti, the formerly prolific ransomware group which disbanded last month following a high-profile campaign against Costa Rica.

Swelling its ranks with ex-Conti members may have helped Hive in its recent attacks. But security analysts have previously noted that the groups listed the same victims on their dark web sites, perhaps indicating that close links between them have existed for some time.

Read more: How AI will extend the scale and sophistication of cybercrime

Topics in this article:
Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU