DOJ says it disrupted a major global ransomware group
The US Department of Justice has spent months infiltrating and disrupting the Hive ransomware group, the agency announced on Thursday. The DOJ says Hive has targeted over 1,500 victims in more than 80 countries, extorting hundreds of millions of dollars in ransom payments.
Working with German and Netherlands law enforcement, the FBI seized Hive’s servers and websites, allegedly slowing the group’s ability to attack and extort new victims. It first infiltrated Hive’s network in July 2022, providing over 300 decryption keys to Hive’s current victims and more than 1,000 keys to previous victims — preventing over $130 million in ransom payments. The agency hasn’t announced any arrests. However, it’s still investigating the group, according toNBC News.
Hive used a ransomware-as-a-service (RaaS) model, where administrators (essentially the ringleaders) create ransomware strains with easy-to-use interfaces. The administrators then recruit affiliates who use the ransomware software to carry out the theft — and likely much of the risk.
For example, Hive would steal a victim’s data and encrypt their system. The affiliate would then demand a ransom in exchange for the decryption key and a promise not to publish the data. (Of course, it would frequently target the most sensitive data to apply maximum pressure.) If the victims pay, affiliates and administrators would split the ransom 80 / 20. Those unwilling to pay would find their data leaked on the web.
The US Cybersecurity and Infrastructure Security Agency (CISA) says Hive gained access through single-factor logins via Remote Desktop, VPNs, exploiting FortiToken (software-based access key) vulnerabilities and phishing emails with malicious attachments.
“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” said US Attorney General Merrick Garland today. “We will continue to work both to prevent these attacks and to provide support to victims who have been targeted. And together with our international partners, we will continue to disrupt the criminal networks that deploy these attacks.” The FBI recommends victims contact their local FBI field office.
The US Department of Justice has spent months infiltrating and disrupting the Hive ransomware group, the agency announced on Thursday. The DOJ says Hive has targeted over 1,500 victims in more than 80 countries, extorting hundreds of millions of dollars in ransom payments. Working with German and Netherlands law enforcement,…
Recent Posts
- Quordle today – hints and answers for Friday, May 3 (game #830)
- NYT Strands today — hints, answers and spangram for Friday, May 3 (game #61)
- Microsoft says it did a lot for responsible AI in inaugural transparency report
- Samsung’s best customization app for Galaxy phones is now on Google Play
- Want to Buy a Decommissioned Supercomputer? Here’s Your Chance
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011