The U.S. Department of Justice (DOJ) has announced it has taken down an international ransomware ring by hacking into the group’s network and taking over its servers.
In July 2022, the FBI first penetrated the Hive ransomware group, which has targeted the computers of more than 1,500 victims in over 80 countries, demanding a cumulative $130 million in random payments.
Randsomware attacks occur after malware, typically installed on a computer after a user opens a suspicious link in an e-mail, encrypts data on a computer or entire network rendering it unusable, which a hacker holds hostage until a ransom is paid to unlock the files.
After infiltrating Hive’s network, the FBI captured more than 1,300 decryption keys and provided them to Hive victims, allowing those victims to regain access to their computer systems without paying ransom.
Deputy Attorney General Lisa Monaco told reporters on Jan 26 the operation is a testament to the DOJ fulfilling its promise to attack ransomware threats from every angle.
“Unbeknownst to Hive in a 21st century cyber stakeout, our investigative team lawfully infiltrated hives network and hid there for months, repeatedly swiping decryption keys and passing them on to victims to free them from ransomware,” Monaco said in prepared remarks. “Simply put, using lawful means, we hacked the hackers, we turned the tables on hive, and we busted their business model saving potential victims approximately 130 million in ransomware payments.”
During the same press briefing, Attorney General Merrick Garland said that in August 2021, Hive affiliates deployed malware on computers at a hospital located in the midwest. He said the attack prevented the hospital from taking in new patients. The malware attack also forced hospital officials to use paper for patient information. Ultimately, the hospital paid the ransom to regain access to its computers.
Garland said that since December 2022, Hive has targeted unspecified victims in California and Florida.
The DOJ announcement comes just weeks after global travel was severely disrupted after a cyber attack crashed the Federal Aviation Administration (FAA) Notice to Air Missions (NOTAM) system, which resulted in 1,200 cancelled flights and 8,500 delays on the East Coast.
That attack overlapped with cyber attacks in Michigan, Canada, and the United Kingdom. They also coincided with a spike in the price of the digital currency Bitcoin, prompting many, including Fox News anchor Tucker Carlson, to speculate if the attacks were actually ransomware attacks the government was refusing to acknowledge.
Garland said during the press briefing that the DOJ had obtained a court order to seize Hive’s computer network, which has now been taken offline.
“Cyber crime is a constantly evolving threat, but as I have said before, the Justice Department will spare no resource to identify and bring to justice anyone, anywhere who targets the United States with a ransomware attack,” Garland said. “We will continue to work both to prevent these attacks and to provide support to victims who have been targeted. And together with our international partners, we will continue to disrupt the criminal networks that deploy these attacks.”