Law enforcement authorities in more than a dozen countries in Europe and North America have been involved in disrupting the activities of the Hive ransomware group, the US Department of Justice and Europol have announced. Hive is believed to have targeted various organizations around the world in the past two years, often extorting cryptocurrency payments.
Captured decryption keys helped Hive victims avoid paying $130 million in ransom
The Hive ransomware network, which has claimed around 1,500 victims in more than 80 countries, has been hit by a months-long disruption campaign, the US Department of Justice (DOJ) and the European Union Agency for Law Enforcement Cooperation (Europol) revealed. A total of 13 nations participated in the operation, including EU member states, the United Kingdom and Canada.
Hive has been identified as a major cybersecurity threat, as the ransomware has been used by affiliated actors to compromise and encrypt the data and computer systems of government facilities, oil multinationals, and IT and telecommunications companies in the EU and US, Europol said. Hospitals, schools, financial firms and critical infrastructure have also been targeted, the Justice Department said.
Hive has been one of the most prolific ransomware strains, having collected at least $100 million from victims since its launch in 2021, noted Chainalysis. A recent report by the blockchain forensics company revealed that revenue from such attacks declined last year, with a growing number of affected organizations refusing to pay the demanded ransoms.
According to announcements from law enforcement authorities, the US Federal Bureau of Investigation (FBI) broke into Hive's computers in July 2022 and captured its decryption keys, providing them to victims worldwide and preventing them from paying another $130 million in ransom.
Working with the German Federal Police and the Netherlands High-Tech Crime Unit, the Bureau has now taken control of the servers and websites that Hive used to communicate with its members and victims, including the dark web domain where stolen data was sometimes published. FBI Director Christopher Wray was quoted as saying:
The coordinated disruption of Hive’s computer networks… shows what we can achieve by combining a relentless search for useful technical information to share with victims.
Hive ransomware was created, maintained, and updated by developers while being used by affiliates in a 'ransomware-as-a-service' (RaaS) model of double extortion, explained Europol. The affiliates would first copy the data and then encrypt the files before demanding a ransom both to decrypt the information and to refrain from posting it on the leak site.
The attackers exploited various vulnerabilities and used a number of methods to gain access, including single-factor logins via Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs) and other remote network connection protocols, as well as phishing emails with malicious attachments, the law enforcement agencies detailed.
Do you expect law enforcement authorities around the world to take down more ransomware networks in the near future? Tell us in the comment section below.
Image credits: Shutterstock, Pixabay, Wiki Commons
Disclaimer: This article is for informational purposes only. It is not a direct offer or a solicitation of an offer to buy or sell, or a recommendation or endorsement of any product, service or company. bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.