WASHINGTON (Reuters) – The FBI revealed Thursday that it had secretly hacked and disabled a prolific ransomware gang called Hive, a maneuver that helped the bureau prevent the group from collecting more than $130 million in ransom demands from more than 300 victims.
In a news conference, US Attorney General Merrick Garland, FBI Director Christopher Wray and Deputy Attorney General Lisa Monaco said government hackers broke into the Hive network and put the gang under surveillance, surreptitiously stealing the digital keys the group used to unlock victims’ data.
They were then able to alert victims in advance so they could take steps to protect their systems before Hive demanded payments.
“Using legitimate means, we hacked the hackers,” Monaco told reporters. “We’ve turned the tables on Hive.”
News of the takedown first emerged Thursday morning when the Hive website was replaced with a flashing message that read: “This website has been taken over by the FBI as part of a coordinated action by law enforcement against Hive Ransomware.”
Hive’s servers were also seized by the German Federal Criminal Police and the Dutch High-Tech Crime Unit.
German police commissioner Udo Vogel was also quoted in a statement issued by police and prosecutors in the state of Baden-Württemberg, who took part in the investigation.
Reuters was not immediately able to locate contact details for Hive. The gang’s geographic location is not known.
The Hive takedown differs from some of the other high-profile ransomware cases announced by the US Department of Justice in recent years, such as the 2021 cyberattack on Colonial Pipeline Co.
In that case, the DOJ seized about $2.3 million in cryptocurrency ransom after the company had already paid the hackers.
Here, there was no forfeiture, because investigators intervened before Hive could collect the payments. The covert infiltration, which began in July 2022, went undetected by the gang.
Ransoms exceed $100 million
Hive has been one of the most prolific among a wide range of cybercriminal groups that extort international corporations by encrypting their data and demanding huge payments in cryptocurrency in return.
Over the years, the Justice Department said, Hive has targeted more than 1,500 victims in 80 different countries and collected more than $100 million in ransom payments.
A Justice Department official told reporters that although no arrests were announced on Thursday, “stay tuned.”
Hive was responsible for at least 11 incidents involving US government organizations, schools and healthcare providers last year, said Canadian researcher Brett Callow of cybersecurity firm Emsisoft.
“Hive is one of the most active groups, if not the most active,” he said in an email.
Garland said the FBI operation helped a wide range of victims, including a Texas school district.
“The bureau provided the decryption keys to the school district, which saved them from paying a $5 million ransom,” he said. A Louisiana hospital was likewise spared a $3 million ransom.
Garland said the investigation is still ongoing.
(Reporting by Raphael Satter, Sarah N. Lynch and Kathryn Jackson; additional reporting by Rachel Moore in Berlin; editing by Chizu Nomiyama and Rosalba O’Brien)