FBI hacks Hive hackers

Sent keys to victims, saving $130 million

Hive ransomware network dismantled after FBI hacked gang's systems

US federal officials have seized Tor payment and data leak sites belonging to the Hive ransomware operation, which the gang used to collect millions of dollars in extortion payments.

The US Department of Justice (DoJ) said the group's servers were seized as part of a global law enforcement operation.

Hive's website now displays a notification stating that it has been seized by an international law enforcement coalition that included the DoJ and FBI.

The FBI began infiltrating Hive's networks in July last year and eventually obtained its decryption keys. The agency sent those keys to victims all across the globe, which helped them avoid paying $130 million in ransoms.

"In a 21st-century cyber stakeout, our investigative team turned the tables on Hive," the deputy attorney general, Lisa Monaco, said at a press conference on Thursday.

"Using lawful means, we hacked the hackers."

Since breaching Hive's network, the FBI has delivered over 300 decryption keys to victims who were under attack.

The organisation has also supplied approximately 1,000 more keys to previous Hive victims, including school districts, hospitals, financial companies and critical infrastructure firms.

The Hive gang functioned as a ransomware service, allowing anybody to use its software and other services to break into, lock down, and accept payments for unlocking a target's IT systems. Hive and the victim would split the proceeds.

The hackers would demand large sums of money, often in cryptocurrency, in return for releasing decryption keys. They would expose sensitive private information and documents if victims refused to pay.

According to a US government report issued last year, Hive and its clients targeted more than 1,300 businesses globally between June 2021 and November 2022, collecting approximately $100 million in ransom payments.

The DoJ has not yet announced any arrests. It has also declined to comment on the possibility of charges against Hive's members, as the investigation with Dutch and German law enforcement is ongoing.

"The coordinated disruption of Hive's computer networks, following months of decrypting victims around the world, shows what we can accomplish by combining a relentless search for useful technical information to share with victims with investigation aimed at developing operations that hit our adversaries hard," said FBI Director Christopher Wray.

"The FBI will continue to leverage our intelligence and law enforcement tools, global presence, and partnerships to counter cybercriminals who target American business and organisations."