US Government Strikes Back Against Ransomware Gang

Who is ‘Hive’?

The US has announced that it infiltrated a cybercrime gang and secretly sabotaged its attacks over six months.

The Department of Justice (DOJ) said that the Federal Bureau of Investigation had deep access to the Hive ransomware gang in the latter half of July last year.

The cybercrime gang has targeted more than 1,500 people worldwide and has received more than $100 million in ransom payments.

Hive’s ransomware attacks are known for causing severe disruptions to daily operations, more recently affecting COVID-19 responses.

The DOJ revealed that officers had been warning victims of attacks and had given over 300 decryption keys to victims who were hacked, saving them what it estimates to be around $130 million.

The victims

Hive’s victims include hospitals, school districts, financial companies, and critical infrastructure.

The victims are located all across the globe, in more than 80 countries.

The FBI worked with local law enforcement to help victims recover after attacks. It worked with the UK’s own National Crime Agency, which gave decryption keys to around 50 UK-based organisations.

The US then said that it had ended the operation and taken down Hive’s websites and communication networks with help from German and Dutch police forces.

Attorney General Merrick Garland stated:

“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world.”

Deputy Attorney General Lisa O. Monaco said:

“Simply put, using lawful means, we hacked the hackers.”

The Department of Justice has said it would pursue those responsible for Hive until they were brought to justice.

The head of Threat Intelligence at Mandiant, John Hultquist, stated:

“A good covert operation can degrade confidence in operational security and inject suspicion among actors.”

He added: “Until the group is arrested, they will never truly be gone. They will have to reconstitute, which takes time, but I’ll bet that they reappear in time.”

Other threats

Some researchers and cyber authorities have accused Russia, which they believe is harbouring ransomware gangs.

In November of 2021, some potential members of the ‘REvil’ gang were arrested all over the world, and US authorities found more than $6 million worth of cryptocurrency.

Another operation, conducted by the US in June of 2021, left the Darkside gang offline, and $4.1 million of stolen funds was recovered.

NetWalker, another ransomware group, had its darknet websites taken offline, and one of its affiliates was arrested in Canada in January of 2021.

In all of those cases, the hacking groups have now mostly disbanded; however, they may have re-formed into other groups.

Research now shows that ransomware groups have seen a 40% decrease in earnings as of 2022 due to victims refusing to pay the ransom.

Kim Wiles, Nominet government cyber services expert, said: “We expect initiatives like this to only grow stronger between allied cyber powers, to ensure that governments, organisations, and citizens will be better protected.”
