US Justice Department seizes website of prolific ransomware gang Hive
The group is known to have targeted critical infrastructure, healthcare providers and more over the past two years.
According to United States Federal Bureau of Investigation Director Christopher Wray on Jan. 26, international law enforcement groups have dismantled the infamous Hive cryptocurrency ransomware gang. He claimed that the operation has recovered over 1,300 decryption keys for victims since July 2022 and prevented $130 million in ransomware payments. Officials raised the example of one incident where a Hive ransomware attack on a Louisiana hospital was thwarted by law enforcement, saving the victim from a $3-million ransom payment.
Ghost servers were reportedly seized Wednesday night in an international law enforcement effort between U.S. authorities, the German Reutlingen Police Headquarters, the German Federal Criminal Police, the Netherlands National High Tech Crime Unit and Europol to track ransom payments, seize them back to victims, and dismantle the network’s infrastructure.
The organization had been infiltrated by undercover agents since July 2022. As told by Wray, law enforcement gained “clandestine, persistent” access to Hive’s control panels since that time and had been secretly helping victims recover their assets and locked devices unbeknownst to Hive.
Hive was behind a series of notorious ransomware incidents, such as the April-to-May 2022 Costa Rica public health service and social security fund cyberattack. The group locked key digital infrastructure and demanded $5 million in Bitcoin (BTC) ransom payments for the restoration of services. Over 4,800 individuals reportedly missed their medical appointments in the first few days following the attack. Despite the successful enforcement action, Wray also warned:
“Unfortunately, during these past seven months, we found that only about 20% of Hive’s victims reported potential issues to law enforcement. Here, fortunately, we were still able to identify and help many victims who didn’t report in. But that is not always the case. When victims report attacks to us, we can help them — and others, too.”