The FBI has seized the infrastructure of the prolific ransomware operation known as the Hive ransomware group. The Hive dark web site now displays an infographic stating that the FBI, in a joint operation with several other law enforcement agencies from around the world, conducted an investigation and seizure of Hive ransomware assets.
The FBI infiltrated the group last summer and monitored the threat actor's operations from within the group's environment in order to subtly sabotage several of their ransomware attempts. The FBI was able to use decryption keys to which it had gained access to hinder or stop the loss of over 130 million in extortion payments.
Hive is a notorious group known for targeting several healthcare providers in the US, including a nursing home chain. It was calculated that Hive had victimized more than 1300 companies and had made about 100 million in extortion money. The group also targeted healthcare organizations during the COVID surge and may have been indirectly responsible for deaths, since hospitals had to turn away patients while their records systems were offline.
This campaign is part of a broader attempt to crack down on ransomware groups globally, with US criminal justice organizations partnering with European agencies in order to take the fight to them. Many of the groups typically operate from within Russia with the tacit support of the Russian government, which gives them some degree of protection, though it appears the US and European governments may be getting more aggressive with these groups.
One interesting detail is that, based on the FBI's analysis of Hive's internal infrastructure, only 1 out of 5 targeted organizations contacted law enforcement. Organizations may have feared the reputational hit or potential customer repercussions of a ransomware attack. Most states require organizations by law to disclose data breaches or ransomware attacks, though there is currently no federal law in place requiring disclosure of such an attack.
While the Hive group was a prolific threat actor with a long victim list, many more ransomware groups are still conducting operations all over the world. It is clear the fight to stop ransomware will be a long and difficult one.