The U.S. Federal Bureau of Investigation (FBI) has seized the website of the Hive ransomware gang after penetrating the group’s computer networks.
The agency said Thursday it penetrated the networks in July 2022, leading to the capture of decryption keys. Since then it has quietly offered those keys to 300 victims. In addition, the FBI distributed over 1,000 additional decryption keys to previous Hive victims.
In co-ordination with German law enforcement (the German Federal Criminal Police and Reutlingen Police Headquarters-CID Esslingen) and the Netherlands National High Tech Crime Unit, the FBI seized control of the Hive website yesterday.
In making the announcement, the FBI thanked a number of police forces, including the RCMP and Peel Regional Police in Ontario.
“Last night the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” U.S. Attorney General Merrick Garland said in a statement this morning.
“Cybercrime is a constantly evolving threat. But as I have said before, the Justice Department will spare no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack. We will continue to work both to prevent these attacks and to provide support to victims who have been targeted. And together with our international partners, we will continue to disrupt the criminal networks that deploy these attacks.”
Since June 2021, the Hive ransomware group has targeted more than 1,500 victims around the world and received over US$100 million in ransom payments.
The U.S. is still the most targeted area of the world, with 1060 victims, a decline of almost 300 victims since last year, followed by the UK, Canada, and Germany.
While Q2 and Q3 saw major drops in ransomware activity (with 708 and 666 incidents, respectively, down from 763 in Q1), Q4 saw a slight rise to 672. Cyberint analysts describe the Q4 increase as indicative of the new and promising groups established in Q3 and Q4, such as Royal and BlackBasta, gaining ground.
LockBit 3.0 rose to power and gained notoriety without using Twitter for “PR,” as other groups have increasingly done.
Talent for hire in the ransomware world is changing the game: LockBit’s ‘Bug Bounty Program,’ which demonstrated the group’s arrogance and strength, offered rewards for anyone who found vulnerabilities in their servers.
The rise of Royal in the last months of 2022 saw them achieve a victim count rate already higher than LockBit’s, suggesting competition between the two can be expected in 2023.
The post Breaking news: FBI shuts down Hive ransomware gang’s IT infrastructure first appeared on IT World Canada.