The United States Department of Justice released a statement on Thursday confirming the Federal Bureau of Investigation’s (FBI) covert infiltration of the Hive ransomware group. Hive has targeted over 1500 victims in over 80 countries, collecting over $100 million in cryptocurrency ransom. The effort to seize control of Hive’s servers and websites was coordinated with German and Dutch law enforcement authorities.
According to the official statement, the FBI has been penetrating Hive’s computer network since July 2022. The FBI’s efforts have prevented victims from paying $130 million in cryptocurrency ransom money. Since infiltrating Hive’s network, the FBI has provided over 300 decryption keys to active Hive victims. Additionally, the agency has provided decryption keys to over 1000 previously attacked victims.
Attorney General Merrick B. Garland stated,
“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world.”
Moreover, Garland added that the Justice Department will continue its work against such groups and “spare no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack.”
Hive’s website has also been taken down, and visitors are greeted with the message, “The Federal Bureau of Investigation seized this site as part of coordinated law enforcement action taken against Hive Ransomware.”
The US Justice Department has recently disclosed that Hive’s takedown is unique among high-profile ransomware cases.
How does the cryptocurrency ransomware group operate?
Hive usually targets a victim by stealing sensitive data (emails, documents, images, and videos), after which it encrypts their computer files, according to the agency. The organization then demands a ransom in the form of cryptocurrency for the decryption key. The key is required to recover the files.
The group demands more money for a pledge not to post the stolen information. If the victim does not pay, Hive releases the information on the dark web. According to a new estimate from Chainalysis, ransomware attacks generated $457 million in income in 2022 compared to $766 million in 2021, a 40% decline.