- The Justice Department announced that after months of battling the Hive ransomware group, they have finally disrupted its operations.
- The FBI broke into Hive’s computer networks and prevented victims from paying the $130 million ransom demanded.
- The Justice Department announced that it will continue to work both to prevent these attacks and to provide support to victims.
The FBI has announced that the infamous Hive ransomware group has been brought to justice. Hive ransomware follows the ransomware-as-a-service (RaaS) model, a business model in which ransomware is sold or rented to buyers known as affiliates. Hive is the U.S. Central Intelligence Agency (CIA)’s multi-platform malware suite, and its source code was leaked by WikiLeaks back in 2017.
Hive’s efforts have been disrupted
The Justice Department announced that after fighting to put an end to the Hive ransomware group for months, they have finally disrupted its efforts. The FBI breached Hive’s computer networks, seized its decryption keys, and distributed them to victims worldwide, saving victims from having to pay the $130 million ransom demanded. The department announced on the 26th of January that it had disrupted Hive’s efforts in collaboration with German law enforcement and the Netherlands National High Tech Crime Unit.
Attorney General Merrick B. Garland said:
« The Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world. Cybercrime is a constantly evolving threat. But as I have said before, the Justice Department will spare no resource to identify and bring to justice, anyone, anywhere, who targets the United States with a ransomware attack. We will continue to work both to prevent these attacks and to provide support to victims who have been targeted. And together with our international partners, we will continue to disrupt the criminal networks that deploy these attacks. »
Since June 2021, the Hive ransomware group has targeted over 1,500 victims worldwide and collected more than $100 million.
Hive actors use a two-step extortion model in which they steal or exfiltrate sensitive data before demanding ransom for both the key necessary to decrypt the victim’s system and a promise not to publish the stolen data. After a victim pays, the affiliate and administrator share the majority of the profits. Victims who do not pay are likely to have their data published on the Hive Leak Site.