On Thursday, the FBI revealed that it had secretly hacked and disrupted Hive, a prolific ransomware gang.
The operation allowed the FBI to stop the group from collecting more than $130 million in ransom demands from more than 300 victims.
U.S. attorney general Merrick Garland, FBI director Christopher Wray and Deputy U.S. attorney general Lisa Monaco stated that government hackers had broken into Hive’s network, placing the gang under surveillance. They also stole digital keys used by the group to unlock the data of victim organizations.
The victims were notified in advance and could take precautions to safeguard their systems before Hive demanded payments.
Monaco told reporters that the hackers had themselves been hacked, using lawful means. “We reversed the roles of Hive.”
The first public sign of the takedown came on Thursday morning, when Hive’s website was replaced by a flashing message saying: “The Federal Bureau of Investigation took this site in coordination with law enforcement actions taken against Hive Ransomware.”
Hive’s servers were also seized by the German Federal Criminal Police and the Dutch National High Tech Crime Unit.
Udo Vogel, the German police commissioner, stated that “Intensive cooperation across borders and continents, characterized by mutual trust, is key to combating serious cybercrime effectively.” The statement was issued by Baden-Wuerttemberg police and prosecutors, who also assisted in the investigation.
Reuters could not immediately locate contact information for Hive. It is not clear where the group is based.
Hive’s takedown differs from other ransomware cases the U.S. Justice Department has announced in recent years, including the cyber attack on Colonial Pipeline Co.
In that case, the Justice Department seized $2.3 million in cryptocurrency ransom after the company had already paid the hackers.
In Hive’s case, payments were demanded but there were no seizures. The undercover infiltration began in July 2022 and went undetected by the gang.
Hive was the most prolific of a variety of cybercriminal groups that extort international companies by encrypting data and demanding large cryptocurrency payments in return.
According to the Justice Department, Hive targeted more than 1,500 victims across 80 countries over the years and collected more than $100 million in ransom payments.
However, no arrests were made Wednesday. Garland stated that the investigation was ongoing, and one department official advised reporters to “stay tuned.”
Garland stated that the FBI helped many victims, including a Texas school system.
He said the bureau had provided decryption keys to the school district, sparing it a $5 million ransom. It also spared a Louisiana hospital a $3 million ransom.
Hive was a ransomware-as-a-service (RaaS) organization, meaning it farmed out parts of its hacking spree to affiliates in exchange for a cut of the proceeds.
Canadian researcher Brett Callow of cybersecurity company Emsisoft stated in an email that it was “one of the most active groups around,” “if not the most active.”
For years, international law enforcement has been trying to defeat ransomware, a plague that has periodically crippled government agencies, companies and, increasingly, critical infrastructure.
Jim Simpson, Director of Threat Intelligence at British firm Searchlight Cyber, said that Hive’s hackers won’t be arrested until they “either open shop under another brand or get recruited into RaaS groups.”
Simpson nonetheless supported the move and stated that the operation had imposed a substantial cost on Hive’s activities.