WASHINGTON — Federal investigators have taken down the computer networks of a cybercriminal organization that had demanded hundreds of millions of dollars in ransom money from schools, hospitals and other critical infrastructure, the Justice Department said Thursday.
In July, the FBI and its counterparts in Germany, the Netherlands and the European law enforcement agency Europol gained covert access to the servers and websites run by the Hive organization, considered one of the most active ransomware groups in the past year. Over the next several months, agents hid in the system, identifying targets and repeatedly thwarting Hive’s attempts to extort more than 300 victims, preventing them from paying $130 million in ransoms.
The effort was “21st century cyber surveillance,” Lisa O. Monaco, assistant attorney general, said during a news conference Thursday. “Simply put, using legal means, we hack the hackers.”
The operation against Hive is part of a larger effort by the department to combat ransomware, a global threat that has grown in recent years and one that the Biden administration has considered a national security priority.
On Wednesday night, officials seized two back-end computer servers in Los Angeles used by Hive and took down their dark web sites, which allow users to hide their identities, Attorney General Merrick B. Garland said in the press conference. The department did not announce any arrests, but authorities said the investigation was continuing.
“Cybercrime is a constantly evolving threat,” said Mr. Garland. “But as I said before, the Department of Justice will spare no resources to identify and bring to justice anyone, anywhere, who attacks the United States with a ransomware attack.”
Since July 2021, Hive affiliates have operated a so-called double extortion scheme in which hackers encrypt victims’ data, threaten to leak it online, and demand a ransom payment, often worth millions of dollars, to return access and promise not to publish the stolen information.
Through these attacks, the group successfully extorted more than $100 million in payments and targeted more than 1,500 schools, hospitals, businesses, and other institutions that officials have deemed critical infrastructure. These include health care groups and school districts in the United States, as well as major companies in Europe and the Costa Rican public health system.
In an attack on a hospital in the Midwest during the coronavirus pandemic in August 2021, Hive prevented the hospital from accepting new patients and from gaining access to its digital database of patient information, forcing hospital workers to rely on analog copies. The hospital recovered its data only after paying a ransom.
Only 20 percent of Hive victims reported potential problems to law enforcement, according to FBI Director Christopher A. Wray, who urged other ransomware victims to speak up.