US shuts down major global ransomware group Hive


Garland (middle), with FBI Director Christopher Wray (right) and Monaco, holding a press conference to announce an international ransomware enforcement action, at the Justice Department in Washington, DC, on January 26, 2023. The US Justice Department announced Thursday it had shut down the Hive ransomware operation, which had extorted more than US$100mil from more than 1,500 victims worldwide. — AFP

WASHINGTON: The US Justice Department announced on Jan 26 it had shut down the Hive ransomware operation, which had extorted more than US$100mil (RM422.95mil) from more than 1,500 victims worldwide.

US Attorney General Merrick Garland said that US authorities working with German and Netherlands law enforcement took over Hive’s website and servers after having infiltrated it for nearly seven months.

The infiltration helped hundreds of companies avoid paying US$130 million in extortion demands made after Hive hacked and froze their data systems.

Deputy Attorney General Lisa Monaco called the operation to infiltrate Hive a “21st-century cyber stakeout”.

“We hacked the hackers,” she said.

Hive operated as a ransomware service, meaning anyone could hire its software and other services to help hack into and lock down a target’s IT systems, and to process payments. Hive and the client would share the profits from the extortion.

Since it first emerged in 2021 more than 1,500 companies and institutions have been hacked – their IT systems or databases encrypted by Hive and backup deleted or rendered inaccessible.

The hackers would demand large payments, often in cryptocurrency, in exchange for freeing up the systems.

If victims refused to pay, Hive would publish confidential internal files and documents on the Internet.

Victims included India’s Tata Power, German retail giant Media Markt, Costa Rica’s public health service, Indonesia’s state gas company and multiple US hospital groups, according to cybersecurity advisors.

Early on Thursday, Hive’s website on the dark web was frozen and a screen alternating in English and Russian said it had been taken over by the US Federal Bureau of Investigation.

US officials said that by breaking into Hive’s dark-web site and collecting information, Justice authorities were able to obtain the digital keys necessary to unlock a victim’s frozen data so that they were not forced to pay Hive.

This helped prevent a Texas school district, and Louisiana hospital, and an unnamed foods services company from having to pay millions of dollars in ransom after being hit by a Hive attack, for example, they said.

“For months, we helped victims defeat their attackers and deprived the Hive network of extortion profits,” said Monaco.

US authorities would not say who is behind Hive or whether any arrests would accompany the shutdown of the operation, saying the investigation is ongoing.

The investigation involved the US FBI, the German Reutlingen Police Headquarters, the German Federal Criminal Police, the Netherlands National High Tech Crime Unit, and Europol. – AFP

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Ransomware

   

Next In Tech News

Opinion: In sunny Tahoe, a hollow-eyed tech billionaire pretends to be normal
An Apple AI blunder messed up headline summaries so badly some want the feature pulled
Google proposes altering contracts to correct illegal search monopoly
As elder fraud explodes, banks in the US beat back duty to call cops
Many Americans have come to rely on Chinese-made drones. Now lawmakers want to ban them
Apple seeks to defend Google's billion-dollar payments in search case
Iran lifts ban on WhatsApp and Google Play, state media says
India's push for home-grown satellite constellation gets 30 aspirants
Google Search has a surprise in store for 'Squid Game' fans
Blogs to Bluesky: social media shifts responses after 2004 tsunami

Others Also Read