FBI seizes website used by so-called Hive ransomware group

[uk666]

FBI seizes website used by so-called Hive ransomware group

The FBI has seized the computer infrastructure used by a notorious ransomware gang which has extorted more than $100 (£830) million from hospitals, schools and other victims around the world, US officials announced Thursday.

FBI officials since July have had extraordinary access to the so-called Hive ransomware group’s computer networks, FBI Director Christopher Wray said at a news conference, allowing the bureau to pass computer “keys” to victims so that they could decrypt their systems and thwart $130 (£104) million.

The dark-web website on which Hive listed its victims displayed a message in Russian and English Thursday that it had been taken over “as part of a coordinated law enforcement action” against the group by the FBI, Secret Service, and numerous European government agencies.

“Simply put, using lawful means, we hacked the hackers,” Deputy Attorney General Lisa Monaco.

The Hive ransomware has been particularly rampant in the health care sector. One ransomware attack using Hive malicious software, in August 2021, forced a hospital in the US Midwest to turn away patients as Covid-19 surged, Attorney General Merrick Garland said.

Other reported US victim organizations of Hive include a 314-bed hospital in Louisiana. The hospital said it thwarted a ransomware attack in October, but that the hackers still stole personal data on nearly 270,000 patients.

Thursday’s announcement is the latest in a series of Justice Department efforts to crack down on overseas ransomware groups that lock up US companies’ computers, disrupt their operations and demand millions of dollars to unlock the systems. Justice officials have seized millions of dollars in ransomware payments and urged companies not to pay off the criminals.

The ransomware epidemic grew more urgent for US officials after Colonial Pipeline, the major pipeline operator for sending fuel to the East Coast, shut down for days in May 2021 due to a ransomware attack from a suspected Russian cybercriminal. The disruption led to long lines at gas stations in multiple states as people hoarded fuel.

While the ransomware economy remains lucrative, there are signs that the US and international law enforcement stings are making a dent in the hackers’ earnings. Ransomware revenue fell to about $457 (£360) million in 2022, down from $766 (£621) million in 2021, according to data from cryptocurrency-tracking firm Chainalysis.

Cybersecurity professionals welcomed the Hive takedown, but some worried that another group would soon fill the void left by Hive.

“The disruption of the Hive service won’t cause a serious drop-in overall ransomware activity but it is a blow to a dangerous group that has endangered lives by attacking the healthcare system,” John Hultquist, a vice president at Google-owned cybersecurity firm Mandiant.

“Unfortunately, the criminal marketplace at the heart of the ransomware problem ensures a Hive competitor will be standing by to offer a similar service in their absence, but they may think twice before allowing their ransomware to be used to target hospitals,” Hultquist said.

Department of Health and Human Services has descried Hive as a “possibly Russian speaking” group.