Justice ‘Hacked the Hackers’ of Hive Ransomware, Stopping $130M in Demands


After a months-long effort, the Department of Justice has disrupted the Hive ransomware group—which the FBI labeled a top 5 ransomware threat—according to an announcement on Thursday.

The efforts of the DOJ and international partners “hacked the hackers,” hindering $130 million in ransom demands, according to Deputy Attorney General Lisa O. Monaco.

The Hive ransomware group went after more than 1,500 victims in 80-plus countries, the announcement noted. Victims included hospitals, school districts, financial firms and critical infrastructure.

These attacks have greatly disrupted victims’ operations, in one case impacting a hospital’s response to COVID-19, the DOJ stated. Specifically, one hospital had to use analog methods to treat existing patients and could not accept new patients after the attack.

“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” Attorney General Merrick B. Garland said in a press release. “Cybercrime is a constantly evolving threat. But as I have said before, the Justice Department will spare no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack. We will continue to work both to prevent these attacks and to provide support to victims who have been targeted. And together with our international partners, we will continue to disrupt the criminal networks that deploy these attacks.”

The FBI infiltrated Hive’s networks in July 2022 and remained to capture the group’s decryption keys. The FBI provided more than 300 decryption keys to victims under attack and more than 1,000 decryption keys to previous victims, preventing victims from having to pay $130 million in ransom demands. Before the FBI operation, the ransomware group had been able to extort more than $100 million in ransom payments, beginning in June 2021.

As noted in the announcement, Hive utilized a ransomware-as-a-service, or RaaS, model that included administrators—occasionally called developers—and affiliates. According to the announcement, RaaS is a…
