hiveleak attacks Exela Technologies

Incident Date:

July 13, 2022

World map



hiveleak attacks Exela Technologies


Exela Technologies




Beograd, Serbia

Beograd, Serbia

First Reported

July 13, 2022

Exela Technologies Suffers Ransomware Attack by Hive Leak Group

Company Overview

Exela Technologies is a global provider of business process automation solutions, focusing on automating key financial processes, human capital management, healthcare payers and revenue cycle management, payment technologies and services, data science solutions, and hyper automation and work from anywhere services. The company boasts a presence in over 50 countries and serves more than 4,000 customers.

Vulnerabilities and Threats

The ransomware attack on Exela Technologies underscores the growing threat of cyberattacks on businesses, especially those leveraging cloud-enabled solutions and third-party service providers. Hive Leak, the group behind this attack, has recently increased its activity, targeting numerous entities within the healthcare sector. Notably, the group has transitioned to using Rust for programming, complicating the detection of their malware.

Mitigation Strategies

Although specific details regarding the Exela Technologies attack remain undisclosed, the incident highlights the critical need for comprehensive cybersecurity measures. Businesses should enforce strong password policies, secure cloud-based solutions, and remain vigilant against social engineering tactics. Regular application of software patches and attention to coding/configuration errors are essential, along with a thorough evaluation of the security posture of third-party service providers.

The ransomware attack on Exela Technologies is a stark reminder of the persistent cyber threats facing businesses, particularly within the business process automation industry. As Exela Technologies recovers from this incident, it is imperative for the company and others to prioritize cybersecurity to fend off future attacks.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.