Authorities Disrupt Hive Network, Saving $130M In Crypto Ransomware

Jan. 28, 2023

FBI penetrates Hive’s networks, captures decryption keys, and seizes servers, preventing $130 million in ransom payments and disrupting the group’s ability to attack victims.

The Justice Department announced today that it has successfully disrupted the international ransomware network known as Hive, which has targeted over 1,500 victims in over 80 countries worldwide, including hospitals, school districts, financial firms, and critical infrastructure.

The months-long campaign, which began in July 2022, involved the FBI infiltrating Hive’s computer networks, capturing its decryption keys, and offering them to victims worldwide, sparing them from paying the $130 million in ransom demanded.

In addition to providing decryption keys to victims, the FBI also distributed over 1,000 additional keys to previous Hive victims.

In coordination with German and Dutch law enforcement, the department said it had seized control of the servers and websites Hive used to communicate with its members, preventing the gang from attacking and extorting victims.

Attorney General Merrick B. Garland said:

“Cybercrime is a constantly evolving threat. But as I have said before, the Justice Department will spare no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack.”

Since June 2021, the Hive ransomware group has targeted over 1,500 victims worldwide and extorted over $100 million. The attacks have caused major disruptions in victims’ daily operations worldwide and affected responses to the COVID-19 pandemic.

Hive Network Attack Strategy

Hive used a ransomware-as-a-service (RaaS) model featuring administrators, sometimes called developers, and affiliates. RaaS is a subscription-based model where the developers or administrators develop a ransomware strain, create an easy-to-use interface to operate it and recruit affiliates to deploy the ransomware against victims.

Hive actors employed a double-extortion model of attack. Before encrypting the victim system, the affiliate would exfiltrate or steal sensitive data. The affiliate then sought a ransom for both the decryption key necessary to decrypt the victim’s system and a promise not to publish the stolen data.

The DOJ disruption of the Hive ransomware group should be a clear message to both victims and perpetrators of cybercrime. The department is committed to using all resources to combat cybercrime and to prioritizing the needs of victims in its efforts.


Chainalysis, a blockchain analysis firm, also shared the news and congratulated the Justice Department. Authorities think that Hive’s computer networks were actually destroyed after months of decrypting victims’ systems all across the world.

However, we can see the results when we combine research aimed at developing operations that severely injure our enemies with an ongoing hunt for technical data that we can share with victims.

Ammar Raza

Associate editor