
What just happened? Ironically, a notorious ransomware-as-a-service (RaaS) gang was brought down after the FBI infiltrated its systems, disrupted its operations, and took over its websites. Or, as the U.S. deputy attorney general put it, they “hacked the hackers.”
U.S. Attorney General Merrick Garland, FBI Director Christopher Wray and U.S. Deputy Attorney General Lisa Monaco announced at a news conference that the government had secretly infiltrated the Hive ransomware gang’s network in July 2022, followed by six months of surveillance.
During this infiltration, the government was able to steal more than 300 decryption keys from Hive and distribute them to compromised victims, preventing roughly $130 million in ransom payments, including $5 million from a Texas school district. The FBI also distributed more than 1,000 additional decryption keys to earlier Hive victims.
The FBI used its access to the Hive infrastructure to warn targets of an impending attack, giving them time to harden their systems and prepare. Hive’s Tor payment and data leak site was also seized.
According to Bleeping Computer, the FBI gained access to two dedicated servers and a virtual private server at a hosting provider in California, leased using email addresses belonging to Hive members. Through coordinated operations, Dutch police also gained access to two dedicated backup servers hosted in the Netherlands. Law enforcement confirmed that the servers were the primary data leak site, negotiation site and web panel for Hive and its affiliates.
According to the affidavit: “In addition to the decryption keys, when the FBI examined the database discovered on Target Server 2, the FBI also discovered Hive communication records, malware file hashes, information on 250 Hive affiliates, and victim information that had previously been obtained through decryption key manipulation.”
An FBI message on a seized Hive Tor website (above) noted that many countries were involved in the coordinated operation, including Germany, Canada, France, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, and the United Kingdom.
“Using lawful means, we hacked the hackers,” Monaco told reporters. “We turned the tables on Hive.”
Launched in June 2021, Hive has targeted more than 1,500 victims in 80 different countries since its inception. Like other RaaS groups, it rents out its malware to other criminals in return for a cut of the ransom.
The gang has collected more than $100 million in ransomware payments, and while no arrests have been announced, a department official said that could change soon. Unlike other ransomware operators, Hive has never expressed an intention to avoid targeting hospitals or emergency services.
Masthead credit: Sebastiaan Stam