WASHINGTON, Jan 26 (Reuters) – The FBI revealed on Thursday it had secretly hacked into and disrupted a prolific ransomware gang called Hive, a tactic that allowed the bureau to stop the group from collecting more than $130 million in ransomware demands from more than 300 victims.
At a news conference, U.S. Attorney General Merrick Garland, FBI Director Christopher Wray and U.S. Deputy Attorney General Lisa Monaco said government hackers broke into Hive’s network and put the gang under surveillance, secretly stealing the digital keys the group used to unlock victim organizations’ data.
They were then able to alert victims in advance so they could take steps to secure their systems before Hive demanded payment.
“Using legal means, we attacked the hackers,” Monaco told reporters. “We turned it around with Hive.”
News of the takedown first leaked Thursday morning when Hive’s website was replaced by a flashing message: “The FBI has seized this website as part of a coordinated law enforcement action against Hive ransomware.”
Hive’s servers were also seized by the German Federal Criminal Police and the Dutch National High-Tech Crime Service.
“Close cross-border and continental cooperation characterized by mutual trust is an effective way to combat serious cybercrime,” German police chief Udo Vogel said in a statement issued by Baden-Württemberg police and prosecutors assisting with the investigation.
Reuters could not immediately find contact details for Hive. It is not clear where the group is based geographically.
Hive’s removal is unlike some of the other high-profile ransomware cases the U.S. Justice Department has announced in recent years, such as the 2021 cyberattack on Colonial Pipeline Co.
In this case, the Justice Department seized about $2.3 million in cryptocurrency ransom after the company had already paid the hackers.
Here, there were no seizures because investigators intervened before Hive demanded payment. The undercover infiltration operation began in July 2022 and went undetected by the gang until now.
Ransom over $100 million
Hive is one of the most prolific of the many cybercriminal groups that blackmail international businesses by encrypting data and demanding large payments in cryptocurrency in return.
Over the years, Hive has collected more than $100 million in ransomware payments from more than 1,500 victims in 80 different countries, the U.S. Department of Justice said.
While no arrests were announced Wednesday, a department official told reporters to “stay tuned.”
Brett Callow, a Canadian researcher at cybersecurity firm Emsisoft, said Hive was responsible for at least 11 incidents last year involving U.S. government organizations, schools and health care providers.
“Hive is one of the most active groups around, if not the most active,” he said in an email.
Attorney General Merrick Garland said the FBI operation helped a wide range of victims, including a school district in Texas.
“The bureau provided the school district with the decryption key to avoid paying a $5 million ransom,” he said. Meanwhile, a hospital in Louisiana saved $3 million.
Garland said the department’s investigation is still ongoing.
Reporting by Raphael Satter, Sarah N. Lynch and Katherine Jackson; Additional reporting by Rachel More in Berlin; Editing by Chizu Nomiyama and Rosalba O’Brien