US Seizes Servers Of Prolific Ransomware Gang Hive

FBI has hacked the hackers, after it “covertly infiltrated Hive Network, thwarting over $130m in ransom demands”

US officials on Thursday claimed to have landed a significant blow against ransomware criminals, after covertly hacking into their network.

The US Department of Justice (DoJ) announced that the FBI had covertly infiltrated the Hive Network (not to be confused with the UK home automation firm), thwarting over $130 million in ransom demands.

It said that it had conducted a “months-long disruption campaign against the Hive ransomware group that has targeted more than 1,500 victims in over 80 countries around the world, including hospitals, school districts, financial firms, and critical infrastructure.”

Hive takedown

Since July 2022, the FBI had penetrated Hive’s computer networks, captured its decryption keys, and offered them to victims worldwide.

This spared victims from having to pay the $130 million in ransom demanded, and the FBI has apparently provided over 300 decryption keys to Hive victims who were under attack.

In addition, the FBI distributed over 1,000 additional decryption keys to previous Hive victims.

The US DoJ also announced on Thursday that, in co-ordination with German law enforcement and the Netherlands National High Tech Crime Unit, it has seized control of the servers and websites that Hive uses to communicate with its members, disrupting Hive’s ability to attack and extort victims.

“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” said Attorney General Merrick B. Garland.

“The Department of Justice’s disruption of the Hive ransomware group should speak as clearly to victims of cybercrime as it does to perpetrators,” added Deputy Attorney General Lisa O. Monaco. “In a 21st century cyber stakeout, our investigative team turned the tables on Hive, swiping their decryption keys, passing them to victims, and ultimately averting more than $130 million dollars in ransomware payments.”

“The co-ordinated disruption of Hive’s computer networks, following months of decrypting victims around the world, shows what we can accomplish by combining a relentless search for useful technical information to share with victims with investigation aimed at developing operations that hit our adversaries hard,” said FBI Director Christopher Wray.

Prolific criminals

Since June 2021, the Hive ransomware group has targeted more than 1,500 victims around the world and received over $100 million in ransom payments.

Hive operated as a ransomware-as-a-service organisation (sometimes abbreviated RaaS), which means that it farmed out aspects of its hacking spree to affiliates in exchange for a cut of the proceeds.

News of the takedown was revealed on Thursday morning when Hive’s website was replaced with a flashing message that said: “The Federal Bureau of Investigation seized this site as part of co-ordinated law enforcement action taken against Hive Ransomware.”