The U.S. Department of Justice announced this week that FBI agents have successfully dismantled a notorious ransomware group called Hive and stopped $130 million worth of ransom demands, with victims no longer having to pay ransoms. The FBI revealed that it had infiltrated the group’s network for months before working with Germany and the Netherlands this week to shut down Hive’s servers and websites.
Image Source Pexels
Deputy Attorney General Lisa Monaco said at a news conference, “Simply put, we hacked the hackers, using legal means.”
The FBI claims to have quietly gotten its hands on more than 300 decryption keys by secretly hacking into Hive servers and passing them back to victims whose data was locked up by the organization. In his statement, U.S. Attorney General Merrick Garland said that in the past few months, the FBI used the decryption keys to “rescue” a Texas school district facing a $5 million ransom, a Louisiana hospital that was asked to pay $3 million, and an unnamed food service company facing a $10 million ransom. unnamed food service company.
We turned the tables on Hive and broke their business model,” said Monaco, who was once considered one of the top five ransomware threats by the FBI. According to the Department of Justice, Hive has received more than $100 million in ransom payments from victims since June 2021.”
Hive’s “Ransomware as a Service (RaaS)” model is to create and sell ransomware, then recruit “affiliates” to go out and deploy it, with Hive administrators taking 20 percent of all proceeds, and if someone refuses to pay, the ransomware is distributed on If someone refuses to pay, the stolen data is published on the “HiveLeaks” website. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the methods used by these affiliates included email phishing, exploiting a FortiToken authentication vulnerability, and gaining access to the company’s VPN and remote desktops (using RDP), which can only be protected by single-factor logins.
Hive is the largest ransomware group taken down by the FBI since REvil in 2021, which had leaked the Apple vendor’s MacBook schematics.
While conducting surveillance on Hive, the FBI found more than 1,000 encryption keys associated with the group’s previous victims, and FBI Director Christopher Wray noted that only 20 percent of the discovered victims reached out to the FBI for help. Many victims of ransomware attacks do not contact the FBI because they fear backlash from hackers and scrutiny of their industry for failing to protect themselves.
The FBI hopes to convince more victims to come forward and cooperate with them rather than give in to the hackers’ demands.
