WASHINGTON, Jan 26 (Reuters) – The FBI revealed on Thursday that it had secretly hacked and disrupted a massive ransomware gang known as Hive, a ploy that allowed the bureau to stop collecting more than $130 million in ransomware demands from more than 300 victims. .
At a news conference, US Attorney General Merrick Garland, FBI Director Christopher Wray and Deputy US Attorney General Lisa Monaco said they had infiltrated the Hive network and put the gang under surveillance, secretly stealing the digital keys the group used to unlock infected companies. information.
They were then able to warn victims early, so they could take steps to protect their systems before the hive demanded money.
“Using legitimate means, we hacked the hackers,” Monaco told reporters. “We turned the tables on the Hive.”
The takedown message first leaked Thursday morning, when Hive’s website was replaced with a flashing message: “The FBI seized this site as part of a coordinated law enforcement operation against Hive ransomware.”
Hive’s servers were also seized by the German Federal Criminal Police and the Dutch National High-Tech Crime Unit.
“Strong cooperation across national borders and continents, characterized by mutual trust, is the key to effectively combating serious cybercrime,” German Police Commissioner Udo Vogel said in a statement by police and prosecutors in the state of Baden-Wuerttemberg, which assisted in the investigation. .
Reuters could not immediately find contact details for Hive. It is not clear where they were located geographically.
The Hive takedown differs from some of the high-profile ransomware cases reported by the US Justice Department in recent years, such as the 2021 cyber attack against the Colonial Pipeline Company.
In that case, the Justice Department seized about $2.3 million in cryptocurrency ransom money after the company had already paid the hackers.
There were no seizures here because investigators intervened before Hive demanded money. The undercover infiltration, which began in July 2022, went undetected by the gang until now.
Over $100 MLN in ransom
Hive is one of a wide range of cybercriminal groups
Over the years, Hive has targeted more than 1,500 victims in 80 different countries and collected more than $100 million in ransomware payments, according to the Justice Department.
Although no arrests were announced Wednesday, a department official told reporters to “stay tuned.”
Brett Gallo, a Canadian researcher at cybersecurity firm Emsisoft, said Hive was responsible for at least 11 incidents involving US government agencies, schools and healthcare providers last year.
“Hive is one of the most active groups, if not the most active,” he said in an email.
Attorney General Merrick Garland said the FBI’s operation helped a variety of victims, including a Texas school district.
“The bureau provided the school district with the encryption keys, saving it from paying a $5 million ransom,” he said. Meanwhile, a Louisiana hospital saved $3 million.
Garland said the department’s investigation is ongoing.
Report by Raphael Satter, Sarah N. Lynch and Katherine Jackson; Additional reporting by Rachel More in Berlin; Editing by Chisu Nomiyama and Rosalba O’Brien
Our Standards: Thomson Reuters Trust Principles.
“Friend of animals everywhere. Devoted analyst. Total alcohol scholar. Infuriatingly humble food trailblazer.”