Disclosure context

About hive

Hive is a financially motivated ransomware group that emerged in August 2021, operating as a Ransomware-as-a-Service (RaaS) model to maximize their criminal enterprise's reach and profitability. The group is suspected to have origins in Eastern Europe based on their operational patterns and linguistic indicators, though definitive attribution remains unclear, and they operate independently while recruiting affiliates to conduct attacks on their behalf. Hive primarily gains initial access through compromised Remote Desktop Protocol (RDP) credentials, phishing campaigns, and exploitation of known vulnerabilities in public-facing applications, subsequently deploying their custom ransomware payload that uses a combination of RSA and AES encryption algorithms while simultaneously exfiltrating sensitive data before encryption to enable double extortion tactics where they threaten to publish stolen information if ransom demands are not met. The group has targeted over 208 victims globally with a particular focus on manufacturing companies, business services, information technology firms, healthcare services, and internet and telecommunication services, primarily in the United States, United Kingdom, Netherlands, Indonesia, and China, including notable attacks against healthcare systems and critical infrastructure that drew significant attention from law enforcement agencies. In January 2023, the FBI announced the successful disruption of Hive's operations, seizing their dark web leak sites and decryption keys, effectively dismantling the group's infrastructure and providing free decryption tools to victims. The group has been linked to 208 public disclosures across our corpus. First observed on a leak site on August 14, 2021; most recent post January 16, 2023. The operation is currently inactive.

Timeline of this disclosure

January 16, 2023R C Stevens Construction listed by hiveon the group's public leak site

Sector and geography

This disclosure adds to ransomware activity in the Healthcare sector, which has 1,779 disclosures indexed across all operators we track. Geographically, R C Stevens Construction is reported in United States, a country with 7,392 ransomware disclosures in our corpus.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.

Ransomware victim disclosure

← All victims

R. C. Stevens Construction Co.

listed as R C Stevens Construction · Claimed by hive · listed 3 years ago

40m

Age

since listed · data leaked

Status timeline

Listed
Jan 16, 2023
Data leaked

At a glance

Group: hive
Status: Data leaked
Country: United States
Sector: Healthcare
Listed on leak site: Jan 16, 2023

About the victim

AI dossier — public-source company profile

R. C. Stevens Construction Co. is a commercial construction firm headquartered in Winter Garden, Florida, serving Florida and the Southeast since 1926. The company provides new construction and renovation services with an emphasis on design/build across industrial, commercial, and healthcare markets. Services include preconstruction, general contracting, construction management, and design-build project delivery.

Industry: Commercial & Industrial Construction
Address: 28 S. Main Street, Winter Garden, FL 34787
Founded: 1926

Attack summary

Severity: high — Data has been confirmed as published by Hive, indicating successful exfiltration of business data. The company works across healthcare and commercial sectors, meaning project files and client data may include sensitive information tied to healthcare clients. Published data with no ransom resolution elevates severity to high.

The Hive ransomware group claims to have attacked R. C. Stevens Construction Co. and has published data as indicated by the disclosed status of 'data_published'; no specific ransom amount or data volume was stated in the post.

high

Data the group says was taken

AI dossier — extracted from the leak post

Business/project records
Client information
Financial documents
Employee records
Construction contracts

What the group claims

As commercial construction specialists in Orlando, we provide new construction and renovation services with an emphasis on design/build. R. C. Stevens is qualified to design and construct any type of commercial construction project in Orlando. We offer all of the necessary resources to meet each client’s specific project needs for design and construction services related to manufacturing/industrial, commercial, healthcare, financial, religious, and renovations. At. R. C. Stevens, the spirit of innovation can be found in each and every Orlando commercial construction project we do. Every team member at R.C. Stevens strives daily to uphold the founding principles of quality and integrity as having long been a company tradition since 1926.

Sources

Victim sitercstevens.com/

Source

Indexed 3 years ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.