The FBI stuns the Hive ransomware group after a 7-month covert operation
We are always reporting on companies getting breached and having to pay ransoms, so when the opposite happens and a cybercrime organisation gets taken down, it is a cause for celebration. Such was the case last week, when a 7-month operation by the FBI, in collaboration with multiple international agencies, led to the takedown of the notorious ransomware group Hive.
After infiltrating Hive, the US law enforcement agency took control of the servers and websites the group used to run its operation, making it impossible for the gang to conduct any further attacks through that infrastructure.
Better yet, while inside the network the FBI captured decryption keys and handed them to more than 300 victims, sparing them ransom demands totalling roughly $130 million.
In a press conference, FBI Director Christopher Wray said that the agency infiltrated Hive by posing as criminals and, ultimately, together with German and Dutch law enforcement, took down the gang's infrastructure, crippling its ability to strike again.
A concerning discovery the agency made while inside Hive's operation was that only about 40% of the gang's victims had reported the compromise to law enforcement.
The agency notes that the cybercrime group has targeted more than 1,500 victims, both individuals and organisations, since June 2021, and that ransom payments of over $100 million have been made.
The gang is said to have mainly targeted hospitals. The US Department of Health and Human Services even issued an advisory against Hive in June, describing it as an "exceptionally aggressive" threat to the health sector. Its other victims include government facilities and companies in the communications, critical manufacturing and IT sectors.
Hive also operated a ransomware-as-a-service (RaaS) model: it developed the ransomware code and provided it to third-party affiliates, who carried out the intrusions in exchange for a percentage of the ransom. Moreover, the group had begun using double extortion, first stealing sensitive data and threatening to leak or sell it, then encrypting the victim's files and demanding a ransom for the decryption key.
Despite all the damage it had done, Hive was only the 8th most active ransomware group in the final quarter of 2022, meaning its takedown is a minor dent in the overall ransomware ecosystem.
“Unfortunately, the criminal marketplace at the heart of the ransomware problem ensures a Hive competitor will be standing by to offer a similar service in their absence,” says John Hultquist, head of threat intelligence at Mandiant.
But at least cybercriminals will now think twice before acting, because they never know whether law enforcement is already inside their organisation.
There have been reports that Hive and other cybercrime groups have ties to the Russian government, and the US government is now offering a reward of up to $10 million for information linking Hive or any other criminal group to a foreign government.