FBI seizes website of Hive ransomware gang, Justice Dept. announces

Washington — The FBI toppled an international ransomware group and seized its servers in California after more than a year of spying on the cybercriminals from inside their own network, federal officials and Attorney General Merrick Garland announced Thursday. 

The criminal enterprise, known as Hive, and its affiliates, had targeted more than 1,500 institutions in over 80 countries since June 2021, amassing over $100 million from its victims, according to the Justice Department, most recently in California and Florida

Ransomware groups like Hive allegedly design malicious software to infiltrate computer networks through a number of methods including phishing emails, holding their users hostage and demanding payment in exchange for decryption keys that release the high-tech hold. In one case, Hive's attack on a Midwestern hospital disrupted care in the midst of the COVID-19 pandemic and forced institutions to pay a ransom before they could treat their patients online, the Justice Department said. 

According to the Justice Department, other victims included school districts, financial firms, and critical infrastructure. 

In July 2022, FBI agents, including those in the Orlando office, penetrated Hive's computer networks and conducted what Deputy Attorney General Lisa Monaco called a "21st-century high-tech cyber stakeout." The federal authorities lawfully gained access to the hacking system authorized by a court, the officials said, and collected decryption keys for victims under attack by Hive. 

Investigators say they shared the keys they collected with ransomware victims across the globe, preventing them from being forced to pay approximately $130 million in ransoms to Hive affiliates. Unlike other law enforcement actions in which federal investigators were able to seize ransom payments already sent to hacking groups, in this case, officials said they were able to provide the victims the tools to subdue the attack before any money was sent. 

The FBI and international partners in Germany and the Netherlands were then able to take down Hive's infrastructure and seize their servers. 

Still, FBI Director Chris Wray said only about 20% of Hive's victims actually reported the ransomware attacks to law enforcement. The Justice Department is urging institutions to alert investigators to potential attacks in real time to achieve an optimal outcome. 

No arrests have been made in connection with Hive's illicit activities, but federal officials say the investigation is active and ongoing.

"No matter where you are, and no matter how much you try to twist and turn to cover your tracks – your infrastructure, your criminal associates, your money, and your liberty are all at risk," Wray said Thursday, "There will be consequences."

f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.