DOJ takes down ransomware group with a ‘21st century cyber stakeout’


After a months-long covert operation, the US Justice Department (DOJ) and its international partners have taken down an international ransomware network known as Hive, the agency announced Thursday. Since 2021, the Hive ransomware group has targeted more than 1,500 victims around the world, securing more than $100 million in ransom payments from hospitals, school districts, financial firms, and other entities. 


To dismantle the Hive network, the Justice Department operated a “21st century cyber stakeout,” according to Deputy Attorney General Lisa O. Monaco.


“Our investigative team turned the tables on Hive, swiping their decryption keys, passing them to victims, and ultimately averting more than $130 million dollars in ransomware payments,” she said in a statement. 

The FBI first penetrated Hive’s computer networks in July 2022. During the operation, the agency managed to secure more than 300 decryption keys for Hive victims who were under attack. It also retrieved more than 1,000 additional decryption keys for prior Hive victims. By capturing those decryption keys, the FBI saved victims from having to pay the $130 million in ransom that had been demanded.

On Thursday, the DOJ worked with German and Dutch law enforcement to seize control of the servers and websites that Hive used to communicate with its members.


Hive used a ransomware-as-a-service model. Hive’s “developers” or “administrators”
