U.S. Disrupts ‘Hive’ Ransomware Group
WASHINGTON—U.S. authorities seized the servers of the notorious Hive ransomware group after entering its networks and capturing keys to decrypt its software, the Justice Department said on Thursday, calling its effort a “21st-century cyber stakeout.”
The group linked to Hive ransomware is widely seen by authorities and cybersecurity experts as one of the most prolific and dangerous cybercriminal actors in recent years. They have been linked to attacks on more than 1,500 victims including hospitals and schools—and have extorted more than $100 million in ransom payments, the Justice Department said.
In an international operation that began in the summer in Tampa, Fla., FBI agents infiltrated Hive’s network and used the access to identify victims and provide them keys with which to take back control of their networks, officials said. The effort blocked some $130 million in demanded ransoms, department officials said.
“The FBI and our prosecutors have been inside the network of one of the world’s most prolific ransomware variants,” Deputy Attorney General Lisa Monaco said. “We hacked the hackers.”
Officials didn’t announce arrests Thursday, but said their investigation was still under way. They declined to specify where the people behind the Hive ransomware were based. Experts have said the majority of criminal ransomware groups are based in Eastern Europe.
In coordinated operations on Wednesday, German and Dutch police seized servers associated with the group. Hive’s website was inaccessible Thursday, flashing a message stating it had been seized as part of a law-enforcement action.
Ransomware is a type of malicious code that infiltrates victims’ computer networks and locks up important files. Hackers then demand payment—often in bitcoin or another cryptocurrency—to release the files. The Hive group was known to punish victims who managed to restore their systems by infiltrating them again and reinfecting them with another variant.
Among its more notable traits, the Hive group—which researchers say has only been active for a couple of years—was often blamed for targeting hospital networks and forcing disruptions to patient care.
Hive favored a ransomware-as-a-service model in which a core group of developers sells its ransomware code to affiliates, who then target victim networks. Such a profit-sharing arrangement has made it more difficult, at times, to identify the hackers behind a ransomware group, officials and experts have said.
The group was responsible for a summer 2021 attack on a Midwest hospital that forced the facility to stop accepting new patients and use paper records, Attorney General Merrick Garland said, adding that it most recently targeted victims in Florida and California in the past month.
At the time, FBI Director Christopher Wray said the agency was investigating about 100 different types of ransomware, many tracing back to hackers in Russia. He also compared the spate of cyberattacks with the challenge posed by the Sept. 11, 2001, terrorist attacks.
Since then, the Justice Department and other agencies have sought to prioritize ransomware gang disruptions along with bringing criminal prosecutions against hackers.
Mr. Wray said Thursday the action against Hive was one of the largest cyber operations yet for the FBI. “I’m not sure we’ve had one that’s been quite this scale, in terms of the sheer number of keys we’ve been able to get access to and the sheer number of victims we’ve been able to help over this period of time,” he said.
Cybersecurity researchers said that while the takedown was significant, it would do little to curb the overall ransomware epidemic.
“The disruption of the Hive service won’t cause a serious drop in overall ransomware activity but it is a blow to a dangerous group that has endangered lives by attacking the healthcare system,” said John Hultquist, head of intelligence analysis at Mandiant, a cybersecurity firm recently acquired by Alphabet Inc. “Unfortunately, the criminal marketplace at the heart of the ransomware problem ensures a Hive competitor will be standing by to offer a similar service in their absence, but they may think twice before allowing their ransomware to be used to target hospitals.”
—Sadie Gurman contributed to this article
Write to Aruna Viswanatha at [email protected] and Dustin Volz at [email protected]
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved.