Global Action “Dismantles” Hive Ransomware Group

Global law enforcement agencies celebrated this week after revealing a coordinated operation to thwart a variant of Hive ransomware.

According to the Department of Justice (DoJ), the Ransomware as a Service (RaaS) group has targeted more than 1,500 victims in more than 80 countries since June 2021, earning an estimated $100 million in the process. Victims included hospitals, schools, financial firms, and critical infrastructure players.

However, starting in late July 2022, the FBI gained access to the group’s computer network, allowing it to obtain decryption keys and distribute them to Hive victims around the world, the DoJ said.

These 1,300+ keys seem to have saved victims an estimated $130 million in ransom demands.

In parallel with this operation, European police cooperated with the FBI to destroy critical infrastructure used by the group.

A total of 13 countries participated in the operation, including Great Britain, Canada, France, Norway, Portugal, Romania, Spain and Sweden. However, it was German and Dutch police who seized the servers Hive uses to communicate with its members and affiliates, as well as its website.

“The Department of Justice’s disruption of the Hive ransomware group should appeal as clearly to cybercrime victims as it does to perpetrators.

“In 21st Century Cyber Stakeout, our research team turned the tables on Hive, swiped decryption keys into victims, and ultimately avoided more than $130 million in ransomware payouts.”

Hüseyin Can Yuceel, a security researcher at Picus Security, said Hive was one of the most prolific ransomware groups in the last five years.

“The FBI press release does not give specific names. There are no accompanying indictments,” he added.

“Sophisticated ransomware attackers are not easy to identify, and even if they are identified, they may be out of reach of authorities. It interfered with operations.”

In that regard, the State Department reiterated its promise to pay “up to $10 million” for information regarding the whereabouts or identities of cybercriminals working for adversaries.

“If you have information linking Hive or other malicious cyber actors targeting critical infrastructure in the United States to foreign governments, please send us your tips via the Tor Tip Line. There may be,” it said via Twitter.

HighGround CEO Mark Lamb has warned that the Hive members are likely to reappear.

“Infrastructure is only one factor in the gang’s success, and until law enforcement catches the criminals, they will resurface under new identities and have a brand new infrastructure ready to strike terror again. Will DarkSide or BlackMatter ring a bell?” he argued.

“The removal and seizure of decryption keys is impressive and a big win for law enforcement, but the threat of ransomware is still looming.”


