According to US sources, the FBI has seized the computer infrastructure used by a notorious ransomware group that has extorted more than $100 million from hospitals, schools, and other victims around the world.
FBI officials have had extraordinary access to the computer networks of the so-called Hive ransomware group since July, according to FBI Director Christopher Wray, allowing the bureau to pass decryption “keys” to victims so they could restore their systems, thwarting $130 million in ransom payments.
According to US officials, as of November, Hive ransomware had been used to extort nearly $100 million from over 1,300 firms worldwide, many of which were in health care.
The dark-web domain where Hive identified its victims was taken over by the FBI, the Secret Service, and European government agencies on Thursday, according to a message posted there in Russian and English.
“To put it simply, we hacked the hackers using legal techniques,” Deputy Attorney General Lisa Monaco told reporters.
The Hive ransomware has become especially prevalent in the health-care industry. In August 2021, a ransomware attack using Hive malicious software led a hospital in the US Midwest to turn away patients as Covid-19 cases rose, according to Attorney General Merrick Garland.
Another reported Hive victim organisation in the United States is a 314-bed hospital in Louisiana. The hospital says it foiled a ransomware attempt in October, but the hackers stole personal information from roughly 270,000 patients.
“Hive jeopardised the safety and health of hospital patients, who are among our most vulnerable demographic,” said Errol Weiss, chief security officer for the Health Information Sharing and Analysis Center, a cyber threat sharing group for large health care providers throughout the world. “People can die when hospitals are attacked and medical systems fail.”
Thursday’s announcement is the latest in a string of Justice Department moves to crack down on international ransomware groups that lock up computers at US corporations, impair their operations, and demand millions of dollars to restore the systems. Authorities have recovered millions of dollars in ransomware payments and encouraged businesses not to pay the criminals.
Colonial Pipeline, the key pipeline operator for transferring fuel to the East Coast, shut down for days in May 2021 owing to a ransomware attack by a suspected Russian cybercriminal, making the ransomware epidemic more pressing for US policymakers. People hoarded fuel at gas stations throughout numerous states as a result of the interruption.
While the ransomware business remains lucrative, there are indications that US and foreign law enforcement stings are reducing hackers’ revenues. According to cryptocurrency-tracking firm Chainalysis, ransomware revenue plummeted to around $457 million in 2022, down from $766 million in 2021.
Cybersecurity specialists applauded Hive’s demise, although some were concerned that another group would quickly fill the hole left by Hive.
“The loss of the Hive service will not result in a significant decrease in overall ransomware activity, but it is a blow to a dangerous gang that has endangered lives by attacking the healthcare system,” said John Hultquist, a vice president at Google-owned cybersecurity firm Mandiant.
“Unfortunately, the criminal economy at the heart of the ransomware crisis means that a Hive competitor will be standing by to offer a comparable service in their absence,” Hultquist stated.
Wray stated that the FBI would continue to hunt down and apprehend those responsible for the Hive ransomware. It wasn’t immediately clear where those individuals were. Hive has been described as a “potentially Russian speaking” group by the Department of Health and Human Services.