Key Takeaways:
- A prominent ransomware group that the FBI and international partners investigated last year has had its network momentarily interrupted.
- Over 1,300 decryption keys were distributed to potential victims by law enforcement when they infiltrated the gang and eventually brought down the network.
The Federal Bureau of Investigation (FBI) and the U.S. Department of Justice (DOJ) have finished a months-long destabilization effort against the crypto-malware gang Hive Network, saving victims from paying US$130 million in ransom.
U.S. Attorney General Merrick B. Garland said in a statement that “last night, the Justice Department disrupted an international ransomware network guilty of embezzling and threatening to coerce hundreds of millions of dollars from victims in the United States and around the world.”
According to the DOJ, the FBI infiltrated Hive in July 2022 and distributed over 300 decryption keys to plaintiffs who were still under imminent threat. Furthermore, the FBI gave over a thousand decryption keys to previous malware group sufferers.
The department declared that it had seized possession of the servers and websites that Hive deploys to communicate with its members in synchronisation with German law enforcement (the German Federal Criminal Police and Reutlingen Police Headquarters-CID Esslingen) and the Netherlands National High Tech Crime Unit, preventing Hive from attacking and defrauding victims.
“Simply put, we hacked the hackers using legal means,” said deputy attorney general Lisa Monaco during a press briefing.
According to authorities, the designated syndicate, known as Hive, is one of the top five ransomware networks in the world and has primarily targeted the healthcare industry.
Hive normally exploits a victim by collecting sensitive data (emails, documents, images, and videos), after which it encrypts their computer files, as stated by the agency. The organisation would then seek a Bitcoin ransom for the secret key required to recover the files, and demand further money in return for a pledge not to post the stolen information on the dark web. If the victim didn’t pay, Hive would release the information that was taken.
Chainalysis, a blockchain analysis company, also announced the news and congratulated the justice department. The authorities believe that the coordinated destruction of Hive’s computer networks, which came after months of decrypting victims all over the world, demonstrates what can be achieved by melding an incessant search for technical data that can be shared with victims with research intended to create operations that severely harm our adversaries.
Given the consequences the entire crypto realm had to face after the FTX meltdown, the FBI aims to keep using its law enforcement and intelligence resources, global network, and partnerships to combat cybercriminals who prey on American companies and organisations.
