Hive Ransomware Seized as FBI Probe Saved Victims $130 Million

(Bloomberg) — Hive ransomware was seized after a joint US-German law enforcement crackdown that thwarted $130 million in demands for payment from more than 1,500 victims around the world, according to law enforcement authorities.

The FBI penetrated the group’s website starting in July, captured its decryption keys and offered them to victims in 80 countries, which included hospitals, schools, financial firms and critical infrastructure, according to the US Justice Department. The US then coordinated with law enforcement in Germany and the Netherlands.

“The Justice Department will spare no resource to identify and bring to justice anyone anywhere who targets the United States with a ransomware attack,” Attorney General Merrick Garland said at a press conference in Washington on Thursday. “Together with our international partners we will continue to disrupt the criminal networks that deploy these attacks.”

When probing a cyberattack against a company last year, cyberspecialists with the police in the southern German city of Esslingen traced the scam to the Hive network and gave their international law enforcement partners “the crucial clue,” Stuttgart prosecutors said in a statement. An investigative team led by the FBI infiltrated the Hive network, watched its activity and stole the keys, Deputy Attorney General Lisa Monaco said.

‘We Hacked the Hackers’

“Simply put, using lawful means, we hacked the hackers,” Monaco said.

The Hive site on Thursday had a notice saying the Federal Bureau of Investigation had seized it “as part of a coordinated law enforcement action taken against Hive Ransomware.”

The Hive group over about three years received more than $100 million in ransom payments from 1,500 victims, causing disruptions around the world, including to responses to the Covid pandemic. The Justice Department said in a statement Thursday that one attack left a hospital forced to use analog methods to treat patients and unable to accept new patients.

Along with breaching organizations and demanding an extortion fee, Hive would broadcast stolen information, including patient data and employee information from victims, the FBI said last year. The technique represented a kind of double-extortion tactic that intruders increasingly use to step up the pressure on their victims to pay a fee, usually in Bitcoin.

The Hive hacking group was first observed in June 2021, according to the US.

Hive victims have included the Bank of Zambia, which last year said it declined to pay a ransom, as well as US health care providers and Indonesia’s state-backed oil and gas company.

Microsoft Corp. has released a security alert about the group, saying Hive has emerged as one of the most prevalent examples of the “ransomware as a service” model. That description applies to cybercriminal groups that lease access to their tools to separate partners, taking a cut of the proceeds after a successful digital extortion.

©2023 Bloomberg L.P.