The U.S. Justice Department revealed Thursday the outcomes of a months-long operation with the Federal Bureau of Investigation that actively obstructed the Hive ransomware group’s operations. According to the agency, the group had targeted banks, hospitals, and schools in more than 80 nations.
In a statement, US Attorney General Merrick Garland said the international ransomware network is responsible for extorting and attempting to extort hundreds of millions of dollars from victims.
Deputy Attorney General Lisa O. Monaco said:
“Simply put, using lawful means, we hacked the hackers.”
The group has targeted more than 1,500 victims worldwide since June 2021, according to the Justice Department, and has been paid more than $100 million in ransoms.
The U.S. Authorities Seized Access to Hive Network
According to the DOJ, the FBI’s operation to break into Hive’s network started in July 2022, and it was successful in obtaining over 1,300 decryption keys that allowed victims to recover their data and systems—including vital infrastructure.
John Hultquist, the director of Mandiant Threat Intelligence, claimed that until the group is apprehended, they will never truly disband.
“They will have to reconstitute, which takes time, but I’ll bet they reappear in time,” he asserted.
Hive used a ransomware-as-a-service (RaaS) model featuring administrators, sometimes called “developers,” and affiliates.
The authorities defined RaaS as a subscription-based model where the developers or administrators develop a ransomware strain, create an easy-to-use interface with which to operate it, and then recruit affiliates to deploy the ransomware against victims.
Affiliates chose the targets for these attacks, used this ready-made malicious software to attack the victims, and then received a cut of the money collected in successful ransom payments. According to the agency, the operation to seize control of Hive’s servers and websites was coordinated with German and Dutch law enforcement.
Ransomware attacks generated $457 million in revenue in 2022 compared to $766 million in 2021, according to a recent report by blockchain forensics company Chainalysis.
The firm attributed the drop in ransomware payments to victims’ growing unwillingness to pay as well as an increase in cybersecurity awareness, describing Hive’s demise as a victory for cryptocurrency, law enforcement, and national security.
The seizure represents the Department of Justice’s most recent attempt to combat the menace of ransomware, in which hackers encrypt or lock up their victims’ computer networks, steal their data, and demand a hefty ransom.