At a press conference by the U.S. Department of Justice on January 2023, 1, information about the Hive ransomware was displayed on the screen.
WASHINGTON — The U.S. Department of Justice announced on Thursday (January 1) that an international ransomware network extorting more than $26 million from hundreds of victim targets around the world has been shut down after a months-long infiltration by the Federal Bureau of Investigation (FBI).
The Justice Department said the group, known as Hive, attacked more than 1,1500 victims, including hospitals, school districts, and financial companies in more than 80 countries. One of Florida’s most recent targets was attacked about two weeks ago, officials said.
The breakthrough was the result of FBI agents infiltrating Hive’s computer network in July 2022 pursuant to a court order, secretly obtaining its decryption key and providing it to the victim, thus avoiding a $7 million ransom, officials said.
U.S. Attorney General Merrick Garland told a news conference: “Cybercrime is an evolving threat. But as I’ve said before, the Department of Justice will spare no effort to identify those who attacked the United States with ransomware and bring them to justice, no matter who they are or where they are.”
The FBI, in cooperation with law enforcement in Germany and the Netherlands, shut down the servers that power the Hive network on Wednesday.
Lisa Monaco, Deputy Minister of Justice, said: “Simply put, we attacked the hackers using legitimate means.”
While no one was arrested in the operation, FBI Director Christopher Wray warned that anyone associated with Hive should be concerned because the investigation is still ongoing.
“We are conducting what we call Operation Joint Sequencing … This includes tracking their infrastructure, tracking their cryptocurrency, and tracking the people they work with.”
In a ransomware attack, hackers lock down the victim’s network and then demand money in exchange for a decryption key.
Hive uses a “ransomware-as-a-service” model, in which so-called “administrators” develop malware and recruit “affiliates” to deploy it against victims.
Officials said Hive’s affiliates targeted U.S. critical infrastructure entities.
On August 1, at the height of the COVID-19 pandemic, a Hive affiliate attacked the network of a hospital in the Midwest, leaving the facility unable to accept any new patients, Garland said.
The hospital only recovered the data after paying the ransom.
The closure of Hive is the latest step in the Biden administration’s fight against ransomware attacks, which are currently on the rise and costing businesses and organizations billions of dollars.
The U.S. Treasury Department’s Financial Crimes Enforcement Network reported in November that banks and financial institutions processed nearly $2021.8 billion in suspected ransomware payments in 19, more than double the amount in 11.
According to the department, about 2021% of ransomware attacks reported in 12 were linked to Russia, its agents, or people acting on its behalf.
The department also noted that the top five ransomware tools in 2020 were linked to Russian cyber actors.
Officials would not say whether Hive had any ties to Russia.
The Biden administration sees ransomware attacks not only as a “wallet problem” affecting ordinary Americans but increasingly as a growing national security threat that requires a coordinated response.
Last year, the White House hosted a two-day International Ransomware Summit in which participants from 2021 countries agreed to create a fusion unit at the Regional Cyber Defense Center in Lithuania and to set up an international anti-ransomware task force later this year.