The FBI has seized computer infrastructure used by a notorious ransomware gang that has extorted more than $100 million from hospitals, schools and other victims around the world, U.S. officials announced Thursday.
Since July, FBI officials have had extraordinary access to the so-called Hive ransomware group’s computer network, allowing the bureau to pass decryption “keys” to victims so they could unlock their systems without paying the $1.3 million in ransom demanded of them.
As of November, the Hive ransomware had been used to extort about $100 million from more than 1,300 companies around the world — many of them healthcare companies, according to U.S. officials.
On Thursday, Hive’s dark web site listing its victims displayed a message in Russian and English saying it had been taken over by the FBI, Secret Service and a host of European government agencies “as part of a coordinated law enforcement operation” against the group.
“Simply put, we attacked the hackers using legal means,” Deputy Attorney General Lisa Monaco told reporters.
Hive ransomware is especially prevalent in the healthcare sector. A ransomware attack using Hive malware in August 2021 forced a hospital in the Midwest to turn away patients as Covid-19 surged, Attorney General Merrick Garland said.
Other reported Hive victims included a 314-bed hospital in Louisiana. The hospital said it foiled a ransomware attack in October, but hackers still stole the personal data of nearly 270,000 patients.
“Hive compromises the safety and well-being of hospital patients — one of our most vulnerable populations,” said Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center (Health-ISAC), a cyber threat sharing network for large healthcare providers around the world. “When hospitals are attacked and the healthcare system collapses, people die.”
Thursday’s announcement is the latest in a series of moves by the Justice Department to crack down on overseas ransomware groups that lock computers at U.S. companies, disrupt their operations and demand millions of dollars to unlock systems. Justice officials have seized millions of dollars in ransomware payments and urged companies not to pay the criminals.
The ransomware epidemic took on added urgency for U.S. officials after Colonial Pipeline, a major pipeline operator delivering fuel to the East Coast, shut down in May 2021 following a ransomware attack attributed to Russian-speaking cybercriminals. The disruption led to long lines at gas stations in several states as people stocked up on fuel.
While the ransomware economy remains lucrative, there are signs that a crackdown by U.S. and international law enforcement is sapping hackers’ revenues. Ransomware revenue dropped to about $457 million in 2022 from $766 million in 2021, according to cryptocurrency tracking firm Chainalysis.
Cybersecurity professionals welcomed the takedown of Hive, but some worried that another group would soon fill the void it leaves behind.
“The disruption of Hive’s services won’t lead to a severe drop in overall ransomware activity, but it is a blow to a dangerous group that puts lives at risk by attacking the healthcare system,” John Hultquist, vice president at Mandiant, the Google-owned cybersecurity firm, told CNN.
“Unfortunately, the criminal market at the heart of the ransomware problem ensures that Hive’s competitors will readily offer a similar service in their absence, but they may think twice before allowing their ransomware to be used against hospitals,” Hultquist said.
FBI Director Christopher Wray said the FBI will continue to track down those behind the Hive ransomware and try to apprehend them. It is not yet clear where those individuals are located. The Department of Health and Human Services describes Hive as a “possibly Russian-speaking” group.
This story has been updated with more details.