Frozen food manufacturer Apetito and automation specialist Exela are among seven new alleged victims of ransomware gang Hive. The group posted details of what it says are its latest breaches on its dark web blog last night.
Hive also lists IT consultancy AdaptIT, Spanish television channel RTVCM, multinational construction company Sando, security business G4S Australia and US marketing firm Authentic Brands Group among the companies it claims to have breached.
Apetito confirmed it had been the victim of a “sophisticated, criminal cyberattack” at the end of June. “We currently have no access to our IT-supported systems because our servers have been attacked,” the company said at the time. The incident led to a week of delivery disruption for the company’s UK-based subsidiary, Wiltshire Farm Foods, which provides ready meals to schools, hospitals and care homes.
None of the other alleged victims have publicly reported cyberattacks in recent months. Nasdaq-listed Exela provides automation services to more than 4,000 customers globally, including banks and US federal departments, and reported revenue of $1.2bn. Hive says it encrypted Exela’s data on June 20.
A ransomware attack on Exela’s systems could lead to a supply chain breach similar to last year’s attack on the Kaseya Group, which saw 1,500 of the IT service provider’s customers hacked after its systems were breached.
Hive does not provide further details of whether ransoms have been paid by any of its alleged victims.
Hive ransomware group growing in prominence
As reported by Tech Monitor earlier this week, Hive has been particularly active in recent months, with many of its victims coming from the healthcare sector.
Hive has also switched programming languages recently, coding its malware in Rust to try to make it harder to detect. Analysts believe this could indicate Hive has taken on members of Conti, the formerly prolific ransomware group which disbanded last month following a high-profile campaign against Costa Rica.
Swelling its ranks with ex-Conti members may have helped Hive in its recent attacks. But security analysts have previously noted that the groups listed the same victims on their dark web sites, perhaps indicating that close links between them have existed for some time.