Law enforcement authorities from more than a dozen countries in Europe and North America participated in disrupting the activities of the Hive ransomware group, the US Department of Justice and Europol announced. Hive is believed to have targeted various organizations worldwide in the past two years, often extorting payments in cryptocurrency.
Captured Decryption Keys Helped Hive Victims Avoid Paying $130 Million in Ransom
Ransomware network Hive, which had around 1,500 victims in more than 80 countries, was hit in a month-long disruption campaign, the US Department of Justice (DOJ) and the European Union Agency for Law Enforcement Cooperation (Europol) revealed. A total of 13 nations took part in the operation, including EU member states, the United Kingdom and Canada.
Hive was identified as a major cybersecurity threat because the ransomware was used by affiliated actors to compromise and encrypt data and computer systems of government facilities, oil multinationals, IT and telecommunications companies in the EU and the US, Europol said. Hospitals, schools, financial firms and critical infrastructure were targeted, the DOJ noted.
It was one of the most prolific ransomware strains, Chainalysis indicated, collecting at least $100 million from victims since its launch in 2021. A recent report from the blockchain forensics company revealed that revenue from such attacks declined last year, with a growing number of affected organizations refusing to pay the demanded ransoms.
According to the announcements of the law enforcement authorities, the US Federal Bureau of Investigation (FBI) penetrated Hive’s computers in July 2022 and captured its decryption keys, providing them to victims around the world, which prevented them from paying an additional $130 million.
Working with the German Federal Police and the Dutch High Tech Crime Unit, the Bureau has now seized control of the servers and websites that Hive used to communicate with its members and its victims, including the dark web leak site where stolen data was sometimes posted. FBI Director Christopher Wray was quoted as stating:
The coordinated disruption of Hive’s computer networks… shows what we can do by combining a relentless search for useful technical information to share with victims.
The Hive ransomware was created, maintained and updated by its developers, while affiliates deployed it in a “ransomware-as-a-service” (RaaS) model built on double extortion, explained Europol. The affiliates would first copy the victim’s data and then encrypt the files, before demanding a ransom both to decrypt the information and to refrain from publishing it on the leak site.
The attackers exploited various vulnerabilities and used a number of initial access methods, including single-factor logins via Remote Desktop Protocol (RDP), virtual private networks (VPN) and other remote network connection protocols, as well as phishing emails with malicious attachments, the law enforcement agencies detailed.
Do you expect law enforcement authorities around the world to dismantle more ransomware networks in the near future? Tell us in the comments section below.
Image Credits: Shutterstock, Pixabay, WikiCommons
Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services or companies. Bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use or reliance on any content, goods or services mentioned in this article.