FBI seizes servers of Hive ransomware group

The Federal Bureau of Investigation, the Department of Justice and Europol jointly announced that an international law enforcement operation infiltrated the Hive ransomware gang’s infrastructure in July 2022. The operation lasted six months, during which investigators secretly monitored the gang’s activity.

The Justice Department called the operation a “21st-century cyber stakeout.”

Over six months, the operation allowed law enforcement to secretly identify victims and provide them keys to take back control of their networks. The effort blocked over $130 million in demanded ransoms, department officials said.

“The FBI and our prosecutors have been inside the network of one of the world’s most prolific ransomware variants,” Deputy Attorney General Lisa Monaco said. “We hacked the hackers.”

The FBI provided over 300 decryption keys to Hive victims targeted during the operation, and over 1,000 additional decryption keys to earlier Hive victims.

The Hive ransomware gang’s Tor website now features a rotating GIF warning in English and Russian that the website has been seized. The seizure notice also depicts the multiple international law enforcement agencies involved, including those of the United Kingdom, Canada, France, and Germany.

The Hive ransomware gang's website now features a rotating GIF warning in English and Russian that the website has been seized. (Source: FBI)

The full affidavit is available in PDF format on the Department of Justice website.

Officials declined to specify where the people behind Hive were based. However, per the Wall Street Journal, experts say the majority of criminal ransomware groups are based in eastern Europe, particularly Russia.

The Hive ransomware group has targeted hospitals across the United States, Tata Power, the New York Racing Association, and the retailer MediaMarkt, per BleepingComputer. It predominantly operates under a ransomware-as-a-service model, in which affiliates deploy the group’s ransomware strains and the group takes a percentage of each ransom paid.

Not the end of ransomware, but a dent

While this may not spell the end of the Hive ransomware group, and certainly not ransomware as a whole, it is a significant victory for law enforcement.

The State Department’s “Rewards for Justice” program reminded the public Thursday that payment of up to $10 million awaits tipsters with information linking Hive or any other ransomware group that targets US critical infrastructure to a foreign government.

Hive hackers have been linked to over 1,500 victims and to the extortion of more than $100 million in ransom payments.
