US shuts down major global ransomware group Hive


Garland (middle), with FBI Director Christopher Wray (right) and Monaco, holding a press conference to announce an international ransomware enforcement action, at the Justice Department in Washington, DC, on January 26, 2023. The US Justice Department announced Thursday it had shut down the Hive ransomware operation, which had extorted more than US$100mil from more than 1,500 victims worldwide. — AFP

WASHINGTON: The US Justice Department announced on Jan 26 it had shut down the Hive ransomware operation, which had extorted more than US$100mil (RM422.95mil) from more than 1,500 victims worldwide.

US Attorney General Merrick Garland said that US authorities working with German and Netherlands law enforcement took over Hive’s website and servers after having infiltrated it for nearly seven months.

The infiltration helped hundreds of companies avoid paying US$130 million in extortion demands made after Hive hacked and froze their data systems.

Deputy Attorney General Lisa Monaco called the operation to infiltrate Hive a “21st-century cyber stakeout”.

“We hacked the hackers,” she said.

Hive operated as a ransomware service, meaning anyone could hire its software and other services to help hack into and lock down a target’s IT systems, and to process payments. Hive and the client would share the profits from the extortion.

Since it first emerged in 2021 more than 1,500 companies and institutions have been hacked – their IT systems or databases encrypted by Hive and backup deleted or rendered inaccessible.

The hackers would demand large payments, often in cryptocurrency, in exchange for freeing up the systems.

If victims refused to pay, Hive would publish confidential internal files and documents on the Internet.

Victims included India’s Tata Power, German retail giant Media Markt, Costa Rica’s public health service, Indonesia’s state gas company and multiple US hospital groups, according to cybersecurity advisors.

Early on Thursday, Hive’s website on the dark web was frozen and a screen alternating in English and Russian said it had been taken over by the US Federal Bureau of Investigation.

US officials said that by breaking into Hive’s dark-web site and collecting information, Justice authorities were able to obtain the digital keys necessary to unlock a victim’s frozen data so that they were not forced to pay Hive.

This helped prevent a Texas school district, and Louisiana hospital, and an unnamed foods services company from having to pay millions of dollars in ransom after being hit by a Hive attack, for example, they said.

“For months, we helped victims defeat their attackers and deprived the Hive network of extortion profits,” said Monaco.

US authorities would not say who is behind Hive or whether any arrests would accompany the shutdown of the operation, saying the investigation is ongoing.

The investigation involved the US FBI, the German Reutlingen Police Headquarters, the German Federal Criminal Police, the Netherlands National High Tech Crime Unit, and Europol. – AFP

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Ransomware

   

Next In Tech News

Sirius XM found liable in New York lawsuit over subscription cancellations
US Supreme Court tosses case involving securities fraud suit against Facebook
Amazon doubles down on AI startup Anthropic with another $4 billion
Factbox-Who are bankrupt Northvolt's creditors?
UK should use new powers to probe Apple-Google mobile browser duopoly, report says
EU regulators scrap probe into Apple's e-book rules after complaint was withdrawn
Hyundai recalls over 145,000 electrified US vehicles on loss of drive power
'World of Warcraft' still going strong as it celebrates 20 years
Northvolt CEO steps down, saying group needs up to $1.2 billion
Bitcoin at record highs, sets sights on $100,000

Others Also Read