
Global ransomware hackers ‘hacked’ by FBI


Ransomware gang Hive, which had targeted over 1500 victims globally, has been successfully hacked and disrupted by the FBI this week. 

U.S. Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy U.S. Attorney General Lisa Monaco revealed at a news conference on Thursday that government hackers broke into the ransomware gang’s network and put them under surveillance.  

This allowed the U.S. Government to surreptitiously steal the digital keys the group used to unlock victim organizations’ data, preventing the gang from collecting over $130 million in ransomware demands from over 300 victims.

They then alerted the group’s victims in advance so they could take steps to protect their systems before Hive demanded the payments. 

“Using lawful means, we hacked the hackers,” Deputy Attorney General Monaco said.

“We turned the tables on Hive.” 

The takedown was reported when Hive’s website was replaced with a flashing message saying: “The Federal Bureau of Investigation seized this site as part of coordinated law enforcement action taken against Hive Ransomware.” 

Alongside the US Government, the German Federal Criminal Police and the Dutch National High Tech Crime Unit also seized the ransomware group’s servers.

“Intensive cooperation across national borders and continents, characterized by mutual trust, is the key to fighting serious cybercrime effectively,” said German police commissioner Udo Vogel in a statement from police and prosecutors in the state of Baden-Wuerttemberg, who assisted in the probe. 

The ransomware group was one of the most prolific hacker groups that extort international businesses by encrypting their data and demanding massive cryptocurrency payments in return. Throughout its operations, the group has successfully collected more than $100 million in ransomware payments. 

Canadian researcher Brett Callow, of cyber security company Emsisoft, said that Hive was responsible for at least 11 incidents involving local organizations, schools, and healthcare providers last year. 

“Hive is one of the most active groups around, if not the most active,” he said. 

Hive’s takedown is distinct from some of the other high-profile ransomware cases, such as a cyber attack in 2021 against the Colonial Pipeline Co. No seizures were undertaken by the US Government as investigators were able to intervene before Hive demanded the payments.  

The undercover infiltration, which started in July 2022, went undetected by the gang until now. 

Although there were no arrests announced, one department official told reporters to “stay tuned.” 

Source: Reuters. Content has been edited for style and length. 

Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.
