The FBI infiltrated and disrupted a major cybercriminal group extorting money from schools, hospitals and critical infrastructure around the world, federal officials said Thursday.
The group, Hive, is one of the most prolific hacker gangs in the world, having received around $100 million in extortion payments, according to a November warning from the FBI, Health and Human Services, and the Cybersecurity and Infrastructure Security Agency. As of Thursday morning, its dark web website displayed a message saying that it had been seized by an international coalition of law enforcement, including the FBI and the Department of Justice.
The FBI said it gained access to Hive’s computer networks in July 2022, acquiring decryption keys for more than 1,300 current and past victims, helping to avoid more than $130 million in demanded ransom money. Ransomware hackers extort money from victims by hacking into an organization, then encrypting their files, rendering computers useless, or stealing and threatening to leak those files. Previous ransomware attacks have resulted in the disclosure of sensitive information about law enforcement officers and school children.
Those numbers underscore just how big the ransomware crime ecosystem has grown. Jen Ellis, co-chair of the Ransomware Task Force, a cybersecurity industry association formed to tackle ransomware, said Thursday’s takedown was an important step, but it probably wouldn’t stop Hive entirely.
The FBI did not announce any arrests, but is still investigating the group. FBI Director Christopher Wray and Attorney General Merrick Garland announced the action at a news conference.
The takedown is a rare victory against a ransomware gang. Such groups often act with near impunity when attacking targets in the US and around the world.
“In the grand scheme of things, it probably won’t break Hive, but it’s all about attrition and cost,” Ellis said.
Ransomware gangs are often decentralized, with affiliated members that may be scattered around the world. But as is often the case with such groups, Hive’s core group spoke Russian, said Allan Liska, a ransomware analyst at cybersecurity firm Recorded Future.
Russia does not extradite its citizens, and the White House has had trouble convincing the Kremlin to take action against its international cybercriminals.
At a news conference following the announcement, Attorney General Merrick Garland declined to comment on the Kremlin’s relationship with Hive.
The US Department of State’s Rewards for Justice program, which offers rewards for information related to high-profile terrorists and cybercriminals, announced on Thursday that it would pay up to $10 million for information linking Hive hackers to a foreign government.
The Treasury Department has estimated that in 2021, the most recent year for which it has public data, ransomware attacks cost US organizations $886 million.
Michael Daniel, president of the Cyber Threat Alliance, an industry group that acts as a clearinghouse for threat information among cybersecurity firms, said he hoped the FBI's takedown would curb the global threat of ransomware.
“I would say the impact will be felt over a period of time,” Daniel said.
But law enforcement must be consistently aggressive against those hackers to have a significant impact, he said.
“What I think we need to see is these types of takedowns happen very frequently,” Daniel said.