Officials from several countries in Europe and North America have announced the disruption of a cybercriminal network that targeted organizations around the world for roughly two years. The group, known as the Hive ransomware gang, had collected at least $100 million in cryptocurrency ransom payments.
Recovered decryption keys were shared with victims and spared them from paying over $130 million in ransoms
The Hive Ransomware gang has attacked over 1,500 victims in more than 80 countries. This operation was led by the United States Department of Justice (DOJ) with the assistance of Europol, the European Union’s law enforcement cooperation agency. Other countries involved included the United Kingdom, Canada and EU member states.
Hive ransomware was identified as a major security threat. It was used to compromise and encrypt the information systems of government facilities, oil and gas multinationals, and IT companies in the EU. According to Europol, hospitals, schools, financial institutions and other critical infrastructure were targeted as well, a finding the U.S. Justice Department also reported.
This particular ransomware strain is one of the most successful, having netted at least $100 million from victims since its emergence in 2021. The blockchain forensics company Chainalysis has reported that revenue from these attacks fell over the past year because a growing number of affected organizations refused to pay.
Bulletins issued by law enforcement authorities revealed that the FBI gained access to Hive's systems in July 2022 and obtained the group's decryption keys, which it then passed to victims around the world. Sharing those keys prevented victims from paying roughly $130 million in ransoms.
With the help of the German Federal Police, the Netherlands High-Tech Crime Unit and the U.K.'s National Crime Agency, the FBI is now in control of the servers and websites that Hive used to communicate with victims and its affiliates. It has not been made public where the stolen data was stored.
The coordinated disruption of Hive’s computer networks, which resulted from the relentless search for technical information to share with our victims, is an example of what we can achieve.
Hive ransomware was created, maintained and updated by developers and deployed by affiliates in a "ransomware-as-a-service" (RaaS) double-extortion model, Europol explained: affiliates first exfiltrated data, then encrypted the victim's systems, and demanded a ransom both for the decryption key and for not publishing what had been stolen. Affiliates were reported to have gained initial access in a variety of ways, including exploiting vulnerabilities, logging in with single-factor credentials over Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs) and other remote connection protocols, and phishing emails carrying malicious attachments or harvesting credentials.
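The single-factor RDP and VPN logins mentioned above leave a plain trail in Windows Security logs. The following is an added example written for this page, not code from the article, from Europol or from the FBI: it runs over a handful of constructed Windows Security records (EventID 4624 successful logon, 4625 failed logon, LogonType 10 for RDP) and flags successful RDP logons from non-private source addresses, plus sources that succeed after repeated failures. The dict layout of the records, the field names and the sample addresses are assumptions made for the example.

```python
"""Flag exposed single-factor RDP access in Windows Security events.

Added example for this article; not the page's or any agency's code.
Input records are constructed dicts shaped like the usual 4624/4625
attributes (EventID, LogonType, TargetUserName, IpAddress, TimeCreated).
"""
import ipaddress
from collections import defaultdict

# Constructed sample records, not real logs. LogonType 10 is RemoteInteractive
# (an RDP session); LogonType 3 is a plain network logon. Windows writes "-"
# for a missing source address.
SAMPLE_EVENTS = [
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "administrator",
     "IpAddress": "203.0.113.45", "TimeCreated": "2022-07-01T02:10:05Z"},
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "administrator",
     "IpAddress": "203.0.113.45", "TimeCreated": "2022-07-01T02:10:09Z"},
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "administrator",
     "IpAddress": "203.0.113.45", "TimeCreated": "2022-07-01T02:10:14Z"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "administrator",
     "IpAddress": "203.0.113.45", "TimeCreated": "2022-07-01T02:11:02Z"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "jdoe",
     "IpAddress": "10.20.1.15", "TimeCreated": "2022-07-01T08:45:00Z"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "svc_backup",
     "IpAddress": "198.51.100.7", "TimeCreated": "2022-07-01T09:00:00Z"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "mlee",
     "IpAddress": "-", "TimeCreated": "2022-07-01T09:30:00Z"},
]

# Explicit RFC 1918 ranges rather than ipaddress.is_private, which also
# treats the documentation ranges used in the sample data as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_external(ip_text):
    """True when the source parses as an address outside the internal ranges.

    Unparseable sources ("-"), loopback and link-local are treated as internal,
    so they are never reported as exposure.
    """
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    if ip.is_loopback or ip.is_link_local:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


def external_rdp_logons(events):
    """Successful RDP logons (4624, LogonType 10) from external sources."""
    return [(e["TargetUserName"], e["IpAddress"])
            for e in events
            if e["EventID"] == 4624 and e["LogonType"] == 10
            and is_external(e["IpAddress"])]


def failures_before_success(events, min_failures=3):
    """Source IPs whose RDP success followed at least min_failures RDP failures.

    This is the password-guessing-then-login pattern that single-factor RDP
    invites. Returns {ip: (user that finally succeeded, failure count)}.
    """
    failed = defaultdict(int)
    hits = {}
    for e in sorted(events, key=lambda e: e["TimeCreated"]):
        if e["LogonType"] != 10:
            continue
        ip = e["IpAddress"]
        if e["EventID"] == 4625:
            failed[ip] += 1
        elif e["EventID"] == 4624 and failed[ip] >= min_failures:
            hits[ip] = (e["TargetUserName"], failed[ip])
    return hits


if __name__ == "__main__":
    for user, ip in external_rdp_logons(SAMPLE_EVENTS):
        print(f"external RDP logon: {user} from {ip}")
    for ip, (user, n) in failures_before_success(SAMPLE_EVENTS).items():
        print(f"{ip}: {n} RDP failures, then success as {user}")
```

On the sample data only the administrator logon from 203.0.113.45 is reported, and it is also the one source with three failures before it succeeded; the internal jdoe session, the network (type 3) logon and the record without a source address are ignored. In a real deployment the same two checks would run against 4624/4625 events pulled from the domain controllers or a SIEM, and a hit on the second check is a reasonable trigger for forcing MFA or cutting the exposed RDP listener.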
Can we expect law enforcement agencies around the world to dismantle more ransomware networks in the near future? You can leave your thoughts in the comment section below.