New ransomware variant: Hive group blackmails Media Markt and Saturn

Ransomware reaches a new level with the hacker group Hive: The hackers not only encrypt data, but also pull it from the servers of the attack victims. Then they threaten to publish sensitive data online. So the strategy of backing up data no longer works. That makes these attacks even more dangerous than traditional ransomware. Hive's most recent victim was the Ceconomy network (MediaMarkt/Saturn).

In its current IT security status report, the German Federal Office for Information Security (BSI) describes such attacks as "hush money extortion". The hacker group Hive has specialized in this approach and has been sending massive phishing emails to companies since mid-2021 in order to launch corresponding attacks. The phishing emails contain a link to a website via which the malware can be accessed on the computer. In addition to Ceconomy, companies from the medical sector have already been affected - which is particularly sensitive because it involved the theft of patient data.

Protection against the Hive Group is not possible with conventional security strategies. This is because the tool set of the malware used varies greatly. Classic AV scanners have no chance of keeping up with the detection. The perfidious thing is that tools are often used that are also required for other functions in the IT system - and therefore cannot simply be switched off.

How can you protect yourself from hive attacks?

R&S®Browser in the Box offers effective and proactive protection against the new ransomware variant. It protects both against an attacker gaining access to the corporate network and against data being sucked out. The decisive factor here is the multi-level security concept, which conventional “secure browsers” do not have:

  • The browser itself is locked away from the rest of the system in a virtual environment. Only explicitly wanted downloads are possible (no drive-by downloads). Malware is kept away from the rest of the user's PC.
  • All web pages are opened in isolation from the host system. An attack on the host system directly from the browser is therefore impossible.
  • The internal company network (intranet) and the Internet are completely separated from each other. Malware can therefore not report back to the command & control server to receive the initial commands for an attack. Malware also cannot upload data to a malware vendor's leak server. This makes data theft impossible.

For more information on the R&S®Browser in the Box, click here:

Contact Us

Vous avez des questions ou besoin d'informations supplémentaires ? Remplissez simplement ce formulaire et nous vous recontacterons rapidement.

Marketing de permission

Je souhaite recevoir des informations de Rohde & Schwarz via

Qu'est ce que cela signifie en détail ?

Je reconnais que les entités ROHDE & SCHWARZ GmbH & Co. KG et ROHDE & SCHWARZ ou toute autre société subsidiaire mentionnée au sein de ce site Internet, peuvent me contacter par le moyen de leur choix (email ou courrier) pour des raisons marketing et publicitaires (par exemple pour des informations sur des offres spéciales et des promotions) en relation avec, mais pas uniquement, des produits et des solutions dans les domaines du test et mesure, des communications sécurisées, de la surveillance et test des réseaux, des broadcasts et médias, ainsi que de cybersécurité.

Vos droits

Cette déclaration de consentement peut être révoquée à tout moment par l'envoi d'un courriel portant, dans son objet, la mention "Unsubscribe" (désinscription) à En outre, chaque courriel envoyé contient un lien vers une fonction de désinscription de publicités ultérieures adressées par courrier électronique. La "Déclaration de confidentialité" expose plus en détail l'utilisation des données personnelles, ainsi que la procédure de révocation de consentement.

Votre demande a bien été envoyée ! Nous vous contacterons dans les plus brefs délais.
An error has occurred, please try again later.