Ransomware: Hive decapitated thanks to “21st century computer surveillance”

After a months-long covert operation, the US Department of Justice (DOJ) and its international partners in Germany and the Netherlands shut down an international ransomware network known as Hive, the DOJ announced Thursday. Since 2021, the Hive ransomware group has targeted more than 1,500 victims worldwide, obtaining more than $100 million in ransom payments from hospitals, schools, and financial companies.

To take down the Hive network, authorities used “21st-century computer surveillance,” according to Assistant Attorney General Lisa O. Monaco.

“Our team of investigators turned the tide by grabbing Hive’s decryption keys, handing them over to victims, and ultimately avoiding the payment of over $130 million in ransomware,” she said in a statement.

An operation started in July 2022

The FBI first penetrated Hive’s computer networks in July 2022. During the operation, the agency managed to obtain over 300 decryption keys. It also recovered over 1,000 additional decryption keys for previous Hive victims.

This whole operation involved taking control of the servers and websites that Hive used to communicate with its members.

Hive used a ransomware-as-a-service (RaaS) model. Hive “developers” or “admins” would develop a strain of ransomware, then recruit “affiliates” who could deploy it against victims. The “affiliates” stole victims’ sensitive data and also encrypted their systems.

Once a victim paid the hackers to recover the stolen data – along with the decryption key needed to decrypt their system – Hive affiliates and administrators split the ransom 80/20. If a victim did not pay, their data was published online on the Hive site.

Source: “ZDNet.com”