US disrupts ransomware group Hive, saving victims from paying $130M

By Ovunc Kutlu

ISTANBUL (AA) - The US Justice Department announced Thursday that it has disrupted the operations of major ransomware group Hive, which targeted more than 1,500 victims in over 80 countries around the world.

The Federal Bureau of Investigation (FBI) has penetrated Hive’s computer networks since late July 2022, captured its decryption keys and offered them to victims worldwide, while it prevented victims from having to pay $130 million in ransom demanded, it said in a statement.

While the FBI has provided over 300 decryption keys to victims who were under attack, it also distributed over 1,000 additional decryption keys to previous Hive victims, it added.

The Justice Department said it has seized control of the servers and websites that Hive uses to communicate with its members, in coordination with German law enforcement and the Netherlands National High Tech Crime Unit.

"Cybercrime is a constantly evolving threat," US Attorney General Merrick B. Garland said in a statement. "We will continue to work both to prevent these attacks and to provide support to victims who have been targeted. And together with our international partners, we will continue to disrupt the criminal networks that deploy these attacks."

"In ransomware attacks, transnational cybercriminals use malicious software to hold digital systems hostage and demand a ransom. Hive ransomware affiliates employed a double extortion model," he said.

Hive affiliates gain access to victims’ networks through a number of methods, which include single factor logins via Remote Desktop Protocol virtual private networks known as VPNs and by sending phishing emails with malicious attachments, according to the US Cybersecurity and Infrastructure Security Agency.

Some of Hive's targets included hospitals, school districts, financial firms and critical infrastructure, while the group received over $100 million in ransom payments since June 2021.

While Hive targets the most sensitive data in a victim's system to increase the pressure to pay, it publishes the data of victims who do not pay on the Hive Leak Site, according to the statement.

"We will continue to strike back against cybercrime using any means possible and place victims at the center of our efforts to mitigate the cyber threat," said Deputy Attorney General Lisa O. Monaco.

"We’ve made it clear that we will strike back against cybercrime using any means possible -- today’s action reflects that strategy...Simply put, using lawful means, we hacked the hackers," she added.

FBI Director Christopher Wray said his agency will continue to leverage its intelligence and law enforcement tools, global presence and partnerships to counter cybercriminals who target American businesses and organizations.