FBI turns tables on hackers in ransomware “cyber stakeout”

In a 21st-century cyber stakeout that turned the tables on hackers, FBI covertly infiltrated Hive network, thwarting over US$130 million in ransom demands

The United States Justice Department announced yesterday it has successfully disrupted a global ransomware group known as Hive, which has claimed over 1,500 victims in more than 80 countries.

The group, which has targeted hospitals, school districts, financial firms, and critical infrastructure, has been under investigation by the FBI since July 2022. In a coordinated effort with German and Dutch law enforcement agencies, the FBI was able to infiltrate Hive's computer networks, capture its decryption keys, and offer them to victims worldwide. This prevented victims from having to pay the US$130 million in ransom Hive had demanded.

Since infiltrating Hive's network in July 2022, the FBI has provided over 300 decryption keys to victims who were under attack and an additional 1,000 keys to previous victims. The Justice Department also announced that it has seized control of the servers and websites used by Hive to communicate with its members, effectively disrupting the group's ability to attack and extort victims.

“The Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” says Attorney General Merrick B. Garland. “Cybercrime is a constantly evolving threat. But as I have said before, the Justice Department will spare no resource to identify and bring to justice, anyone, anywhere, who targets the United States with a ransomware attack.”

Hospitals had to ditch digital in ransomware attacks

Since June 2021, the Hive ransomware group has targeted more than 1,500 victims around the world and received over US$100 million in ransom payments.

Hive ransomware attacks have caused major disruptions in victims' daily operations around the world and affected responses to the COVID-19 pandemic. In one case, a hospital attacked by Hive ransomware had to resort to analogue methods to treat existing patients and could not accept new patients immediately following the attack.

Hive used a ransomware-as-a-service (RaaS) model featuring administrators, sometimes called developers, and affiliates. RaaS is a subscription-based model where the developers or administrators develop a ransomware strain and create an easy-to-use interface with which to operate it, and then recruit affiliates to deploy the ransomware against victims. Affiliates identified targets and deployed this readymade malicious software to attack victims and then earned a percentage of each successful ransom payment.

Deputy Attorney General Lisa O. Monaco says: “The Department of Justice’s disruption of the Hive ransomware group should speak as clearly to victims of cybercrime as it does to perpetrators. In a 21st-century cyber stakeout, our investigative team turned the tables on Hive, swiping their decryption keys, passing them to victims, and ultimately averting more than US$130 million dollars in ransomware payments. We will continue to strike back against cybercrime using any means possible and place victims at the centre of our efforts to mitigate the cyber threat.”

The coordinated disruption of Hive’s computer networks shows what authorities can accomplish with operations that hit adversaries hard, says FBI Director Christopher Wray. “The FBI will continue to leverage our intelligence and law enforcement tools, global presence, and partnerships to counter cybercriminals who target American business and organisations.”

Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division says: “Our efforts, in this case, saved victims over a hundred million dollars in ransom payments and likely more in remediation costs. This action demonstrates the Department of Justice’s commitment to protecting our communities from malicious hackers and to ensuring that victims of crime are made whole. Moreover, we will continue our investigation and pursue the actors behind Hive until they are brought to justice.”
