US says it ‘hacked the hackers’ to bring down ransomware gang, helping 300 victims
WASHINGTON — The Federal Bureau of Investigation (FBI) on Thursday revealed it had secretly hacked and disrupted a prolific ransomware gang known as Hive, a maneuver that allowed the bureau to stop the group from collecting more than $130 million in ransomware demands from more than 300 victims.
At a news conference, US Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy US Attorney General Lisa Monaco said government hackers broke into Hive’s network and put the gang under surveillance, surreptitiously stealing the digital keys the group used to unlock victim organizations’ data.
They were then able to alert victims in advance so they could take steps to protect their systems before Hive demanded the payments.
“Using lawful means, we hacked the hackers,” Ms. Monaco told reporters. “We turned the tables on Hive.”
News of the takedown first leaked on Thursday morning when Hive’s website was replaced with a flashing message that said: “The Federal Bureau of Investigation seized this site as part of coordinated law enforcement action taken against Hive Ransomware.”
Hive’s servers were also seized by the German Federal Criminal Police and the Dutch National High Tech Crime Unit.
“Intensive cooperation across national borders and continents, characterized by mutual trust, is the key to fighting serious cybercrime effectively,” said German police commissioner Udo Vogel in a statement from police and prosecutors in the state of Baden-Wuerttemberg, who assisted in the probe.
Reuters was not immediately able to find contact details for Hive. It is unclear where the group was geographically based.
The takedown of Hive is distinct from some of the other high-profile ransomware cases the US Justice Department has announced in recent years, such as the 2021 cyber attack against the Colonial Pipeline Co.
In that case, the Justice Department seized some $2.3 million in cryptocurrency ransom after the company had already paid the hackers.
Here, there were no seizures because investigators intervened before Hive demanded the payments. The undercover infiltration, which began in July 2022, went undetected by the gang until now.
OVER $100M IN RANSOM
Hive was one of the most prolific among a number of cybercriminal groups that extort international businesses by encrypting their data and demanding large cryptocurrency payments in return.
The Justice Department said that over the years, Hive has targeted more than 1,500 victims in 80 different countries, and has collected more than $100 million in ransomware payments.
Although there were no arrests announced on Wednesday, Mr. Garland said the investigation was ongoing and one department official told reporters to “stay tuned.”
Garland said the FBI’s operation helped a number of victims, including a Texas school district.
“The bureau provided decryption keys to the school district, saving it from making a $5 million ransom payment,” he said. A Louisiana hospital, meanwhile, was spared $3 million.
Hive was a ransomware-as-a-service group (often abbreviated RaaS), which means that it farmed out aspects of its hacking spree to affiliates in exchange for a cut of the proceeds.
Canadian researcher Brett Callow, of cybersecurity firm Emsisoft, said in an email it was “one of the most active groups around, if not the most active.”
International law enforcement has struggled for years to beat the hydra-like scourge of ransomware, which has periodically crippled companies, government bodies and — increasingly — critical infrastructure.
Short of any arrests, Hive’s hackers will likely soon “either set up shop under a different brand or get recruited into other RaaS groups,” said Jim Simpson, director of threat intelligence at British firm Searchlight Cyber.
Mr. Simpson nonetheless welcomed the move, saying that “either way, the operation has imposed a significant cost on Hive’s activities.” — Reuters