An international network of digital ransomware, known as ransomwarewhich extorted more than $100 million worth of hospitals and other organizations around the world, was shot down after a months-long infiltration by the FBI, the Justice Department said Thursday.
The group of ransomware Hive, known to have been operating since June 2021, has targeted more than 1,500 victims, including hospitals, school districts and financial firms in more than 80 countries, Justice Department and FBI officials said at a news conference. The most recent victim of the network was attacked just two weeks ago in Florida.
in a fit of ransomwarehackers encrypt data on the victim’s network and then demand payment in exchange for providing a decryption key.
FBI agents, who broke into the group’s computer networks last summer and thwarted multiple attacks, seized its two Los Angeles servers Wednesday night as they seized control of dark web sites (dark net) used by its affiliates, authorities said.
German and Dutch police agencies participated in the international police action.
Attorney General Merrick Garland and other senior law enforcement officials announced the operation.
“Cybercrime is a constantly evolving threat,” Garland said. “But as I said before, the Department of Justice will spare no resources to identify and bring to justice anyone, anywhere, who targets the United States with an attack of ransomware”.
Hive used a model of “ransomware as a service” in which highly-skilled developers build the malware and then recruit less sophisticated affiliates to deploy it against victims.
Garland said Hive affiliates targeted “critical infrastructure and some of our nation’s most important industries.”
In August 2021, at the height of the COVID-19 pandemic, Hive affiliates attacked a Midwestern hospital network, preventing the medical center from accepting new patients, Garland said.
The hospital was able to recover its data only after paying a ransom, the attorney general said.
While no arrests have been made in connection with the operation, FBI Director Christopher Wray warned that “anyone involved with Hive should be concerned, because this investigation is ongoing.”
“We are engaged in what we call ‘joint sequential operations’ and that includes going after their infrastructure, going after their crypto, and going after the people who work with them,” Wray said.
FBI agents infiltrated Hive from July 2022 until its seizure, covertly capturing its decryption keys and sharing them with victims, saving the targets $130 million in ransom payments, authorities said.
“Simply put, using legal means, we hack the hackers,” said Assistant Attorney General Lisa Monaco.
In all, the FBI provided decryption keys to more than 300 victims, Garland said, including a Texas school district, a Louisiana hospital and a food service company that had been asked to pay millions of dollars in ransom payments. The FBI also distributed more than 1,000 additional decryption keys to previous Hive victims.
A crime on the rise
The takedown represents a victory for the Biden administration’s efforts to crack down on a recent surge in hacking attacks. ransomware that cost businesses and governments around the world billions of dollars a year.
US banks and financial institutions processed nearly $1.2 billion in suspicious payments of ransomware in 2021, more than double the amount in 2020, the Treasury Department’s Financial Crimes Enforcement Network (FinCen) reported in November.
Approximately 75% of attacks ransomware reported in 2021 had a nexus to Russia, its proxies, or people acting on its behalf, according to FinCen, which also says the five intelligence tools ransomware most blockbusters used in 2021 were all connected to Russian cyberactors.
The officials did not say whether Hive had any known ties to Russia.
Connect with the Voice of America! Subscribe to our channel Youtube and activate notifications, or follow us on social networks: Facebook, Twitter and instagram.