Jan 27 – According to U.S. documents, the Hive ransomware network extorted over $100M from over 1,500 victims who spanned 80 countries around the globe. Victims included hospitals, financial institutions, critical infrastructure groups and educational entities.
In a statement on Thursday, U.S. Attorney General Merrick Garland stated, “Cybercrime is a constantly evolving threat. But as I have said before, the Justice Department will spare no resource to identify and bring justice [to] anyone, anywhere, who targets the United States with a ransomware attack.”
U.S. authorities have since brought down the Hive ransomware network. This takedown occurred as part of a broader effort to disrupt ransomware initiatives, which can have severe social and economic repercussions.
The Hive takedown
The U.S. Department of Justice stated that the FBI began to infiltrate the Hive computer networks beginning in July of 2022. The FBI captured decryption keys, which were then circulated to Hive ransomware victims, helping victims avoid paying ransoms.
“Since infiltrating Hive’s network in July 2022, the FBI has provided over 300 decryption keys to Hive victims who were under attack. In addition, the FBI distributed over 1,000 additional decryption keys to previous Hive victims.”
The Hive ransomware operation functioned ‘as-a-service,’ meaning that any hacker could hire its software and other services for malicious intent. Once the target agreed to pay a ransom, the corresponding profits were divided between the Hive group and the hackers who hired Hive’s services.
In the event that a victim refused to pay, Hive commonly published confidential corporate files on the internet.
At this time, U.S. officials have not disclosed who is behind Hive or whether or not any arrests were made.
For more Hive insights, see CyberTalk.org’s past coverage. If your organization needs to revise or upgrade its security strategy, be sure to attend Check Point’s upcoming CPX 360 event. Register here.
Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter.