U.S. says it ‘hacked the hackers’ to bring down ransomware gang, helping 300 victims

By Sarah N. Lynch and Raphael Satter

WASHINGTON (Reuters) - The FBI revealed on Thursday it had secretly hacked and disrupted a prolific ransomware gang known as Hive, a maneuver that allowed the bureau to thwart the group from collecting more than $130 million in ransomware demands from more than 300 victims.

At a news conference, U.S. Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy U.S. Attorney General Lisa Monaco said government hackers broke into Hive’s network and put the gang under surveillance, surreptitiously stealing the digital keys the group used to unlock victim organizations’ data.

They were then able to alert victims in advance so they could take steps to protect their systems before Hive demanded the payments.

“Using lawful means, we hacked the hackers,” Monaco told reporters. “We turned the tables on Hive.”

News of the takedown first leaked on Thursday morning when Hive’s website was replaced with a flashing message that said: “The Federal Bureau of Investigation seized this website as part of coordinated law enforcement action taken against Hive Ransomware.”

Hive’s servers were also seized by the German Federal Criminal Police and the Dutch National High Tech Crime Unit.

“Intensive cooperation across national borders and continents, characterised by mutual trust, is the key to fighting serious cybercrime effectively,” said German police commissioner Udo Vogel in a statement from police and prosecutors in the state of Baden-Wuerttemberg, who assisted in the probe.

Reuters was not immediately able to locate contact details for Hive. It is unclear where they were geographically based.

The takedown of Hive is distinct from some of the other high-profile ransomware cases the U.S. Justice Department has announced in recent years, such as a cyber attack in 2021 against the Colonial Pipeline Co.

In that case, the Justice Department seized some $2.3 million in cryptocurrency ransom after the company had already paid the hackers.

Here, there were no seizures because investigators intervened before Hive demanded the payments. The undercover infiltration, which started in July 2022, went undetected by the gang until now.

OVER $100 MLN IN RANSOM

Hive was one of the most prolific among a variety of cybercriminal groups that extort international businesses by encrypting their data and demanding huge cryptocurrency payments in return.

The Justice Department said that over the years, Hive has targeted more than 1,500 victims in 80 different countries, and has collected more than $100 million in ransomware payments.

Although there were no arrests announced on Wednesday, one department official told reporters to “stay tuned.”

Canadian researcher Brett Callow, of cybersecurity company Emsisoft, said that Hive was responsible for at least 11 incidents involving U.S. government organizations, schools, and healthcare providers last year.

“Hive is one of the most active groups around, if not the most active,” he said in an e-mail.

Attorney General Merrick Garland said the FBI’s operation helped a variety of victims, including a Texas school district.

“The bureau supplied decryption keys to the school district, saving it from making a $5 million ransom payment,” he said. A Louisiana hospital, meanwhile, was spared $3 million.

Garland said the department’s investigation remains ongoing.

(Reporting by Raphael Satter, Sarah N. Lynch and Katherine Jackson; additional reporting by Rachel More in Berlin; Editing by Chizu Nomiyama and Rosalba O’Brien)
