Law enforcement agencies in the United States and Europe have seized the infrastructure behind Hive, one of the most prolific ransomware operations.
Hive’s dark web portal was seized as part of a coordinated law enforcement operation conducted by the United States Department of Justice, the FBI, the Secret Service, and several European government agencies, just months after the federal government’s cybersecurity unit CISA raised concerns about Hive’s ongoing extortion efforts.
Since June 2021, the Hive group, which uses a ransomware-as-a-service (RaaS) model, has targeted over 1,500 victims worldwide and has amassed over $100 million in crypto extortion payments.
“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” Attorney General Merrick B. Garland stated.
The FBI confirmed on Thursday that it had had access to Hive’s computer network since July 2022, allowing federal agents to capture and distribute Hive’s decryption keys to victims all over the world. According to the affidavit, the FBI has assisted at least 336 victims of the Hive ransomware since its takeover, stopping more than $130 million in ransom payments.
The FBI also successfully disrupted a Hive ransomware attack on a Louisiana hospital, saving the victim from a $3 million ransom payment, and another attack on a Texas school, according to the government.
There was no mention of arrests in the announcement. However, the servers used by the Hive group to communicate with other members were seized by German and Dutch authorities. This was described as “disrupting Hive’s ability to attack and extort victims.”
“While this is definitely a win, this is by no means the end of ransomware,” said Jordan LaRose, practice director for Infrastructure Security at NCC Group, via email. “We have already seen a reemergence from REvil, and Hive will likely follow suit in some form.”
Ransomware groups such as Hive develop malicious software that infiltrates computer systems through techniques such as phishing emails. They then hold the system and its users to ransom, demanding payment in exchange for the decryption keys that will release the hold on the system.
One instance of this was the Hive attack on a Midwestern hospital, which not only disrupted care during the COVID-19 pandemic, but also forced the hospital to pay a ransom before it could resume providing online treatment to its patients.
As stated by the Justice Department, other victims of ransomware attacks include school districts, financial companies, and essential infrastructure.