The FBI announced the takedown of Hive, a ransomware network with members across multiple states in Europe and North America, in a recent press release.
The US agency stated that it had been on the case since at least 2021.
Despite the efforts of the FBI, the network was tough to crack. However, in July of 2022, law enforcement was able to penetrate the cybercrime group’s control center, gaining access to the decryption keys that were to be given to victims who paid the requested ransom.
A high-profile example of a Hive attack was the encryption of the Costa Rican healthcare service’s computers during the spring of 2022, with Hive requesting $5 million in Bitcoin in exchange for decryption.
As a result, over the last few months, the FBI quietly approached the victims of the attacks, offering them the keys and denying up to $130 million in ransomware payments, effectively cutting off the group from funding. The hackers are believed to have secured around $100 million in ransom payments across more than 1,500 victims – which means the FBI effectively denied them more than half of all potential payouts.
The FBI reached out to both victims who contacted law enforcement and those who didn’t. Unfortunately, only 20% of Hive’s victims asked for help, prompting FBI Director Christopher Wray to remind the public that often, the only way victims of cybercrime can be assisted is if they reach out.
“The coordinated disruption of Hive’s computer networks, following months of decrypting victims around the world, shows what we can accomplish by combining a relentless search for useful technical information to share with victims with investigation aimed at developing operations that hit our adversaries hard.
The FBI will continue to leverage our intelligence and law enforcement tools, global presence, and partnerships to counter cybercriminals who target American businesses and organizations.”
Co-Operation Across Multiple Agencies
Since then, the FBI and its partners across Europe and North America have further infiltrated the network, culminating in the seizure of the cybercrime group’s assets on the 26th of January.
In total, 16 agencies in 12 countries collaborated in order to shut down the crime network and help victims recover their funds.
Although the network has been taken down, Hive was not the only ransomware group out there – a fact that should remind us all to remain in control of our own cybersecurity at all times.