The FBI, in a joint operation with Europol, the National High-Tech Crime Unit of the Netherlands, the German Federal Criminal Police and the Reutlingen Police Headquarters (Germany), managed to strike a blow against a cybercrime group that hijacked data from companies and then demanded multimillion-dollar ransoms. The Hive group, responsible for these cyber attacks, was hacked by the authorities.
The US Federal Bureau of Investigation (FBI) announced that it had hacked a ransomware (data hijacking) gang called Hive, which operated from the dark web, the part of the internet that conventional browsers do not reach. According to the authorities, with this action the agency was able to prevent the group from collecting more than 130 million dollars from more than 300 victims.
FBI Director Christopher Wray, along with US Attorney General Merrick Garland and Deputy Attorney General Lisa Monaco, said that its agents managed to break into the Hive network and place the gang under surveillance.
Later they were able to get hold of the digital keys that the group used to unlock the data of the organizations that were victims of Hive.
“Last night, the Department of Justice dismantled an international ransomware ring responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” said Attorney General Garland.
Cybercriminals infiltrate their victims’ computer systems, encrypt company data, and demand payment to unlock it.
This operation allowed the authorities to alert those affected before their data fell into the hands of Hive, so that they could take measures to protect the information and prevent the group from demanding payments to release it.
If victims refused to pay, Hive threatened to post confidential internal files and documents online.
According to the deputy attorney general, they used “legal means” to hack the hackers. In addition, she stated that they had “turned the tables”.
“Unfortunately, during these seven months, we discovered that only 20% of the Hive victims had alerted the police,” said the FBI chief, urging all companies and entities to contact his agents as soon as possible in the event of an attack.
News of Hive’s downfall broke Thursday morning when a banner appeared on its website that read: “The Federal Bureau of Investigation has seized this site as part of coordinated law enforcement action taken against the Hive ransomware”.
Operation Dawnbreaker
The Netherlands National High-Tech Crime Unit, together with the German Federal Criminal Police, the German Reutlingen Police Headquarters and Europol, assisted in the operation dubbed “Dawnbreaker”, as confirmed by the FBI director, who also said that units from Germany and the Netherlands had seized the Hive servers.
In a statement from the Baden-Wuerttemberg State Police and Prosecutor’s Office, which collaborated in the investigation, Police Commissioner Udo Vogel said that “intensive cooperation across national borders and continents, characterized by mutual trust, is the key to effectively fighting serious cybercrime.”
The Stuttgart, Germany, prosecutor’s office said in a statement that the operation had its origin in an investigation that its services opened after attacks against companies in the region that “did not give in to blackmail and informed the authorities.”
The Reuters news agency tried to contact Hive, but was unable to locate its contact details. It is also unclear where the group is geographically located.
The Hive case this Wednesday is different from others brought by the United States Department of Justice against these cybercriminals. In 2021, Colonial Pipeline Co. was subjected to a cyberattack, and authorities managed to seize $2.3 million of the ransom in cryptocurrency after the company had already paid the hackers.
Thursday’s operation allowed investigators to intervene before Hive demanded the payments. The covert infiltration, which began in July 2022, had gone unnoticed by the gang until now.
Multimillion-dollar ransoms
Hive was one of the most prolific of the cybercriminal gangs that extort international companies by encrypting their data and demanding million-dollar ransoms in cryptocurrencies.
The US Department of Justice estimates that the organization has attacked more than 1,500 victims in 80 countries and has managed to receive payments of more than 100 million dollars.
So far there is no report that the authorities have detained anyone from Hive.
According to Canadian researcher Brett Callow, who works for the cybersecurity company Emsisoft, Hive was responsible in 2022 for at least 11 incidents affecting government organizations, schools and health care providers in the United States. In an email he said that “Hive is one of the most active groups, if not the most.”
Attorney General Garland claimed that the FBI operation prevented a large number of victims from paying for their hijacked data and that a Texas school district was “provided decryption keys by the office… saving it from making a ransom payment of 5 million dollars.”
Hive’s victims included Costa Rica’s public health service, India’s Tata Power, German retail giant Media Markt, Indonesia’s state-owned gas company, as well as several US hospitals.
With Reuters and AFP