In July, the FBI confiscated the group’s infrastructure as part of an international law enforcement operation, including their Tor payment and data leak sites.
Six months of covert surveillance of the Hive ransomware gang’s infrastructure was revealed by the U.S. Department of Justice and Europol in January 2023.
This operation enabled them to detect impending attacks, alert targets, and collect and distribute decryption keys to victims, saving an estimated $130 million in ransom payments.
According to the Justice Department bulletin, the FBI has been working since late July 2022 to infiltrate Hive's computer networks, capture its decryption keys, and distribute them to victims worldwide, sparing them an estimated $130 million in ransom payments.
Over 300 Hive victims have been given decryption keys since the FBI infiltrated the Hive network in July 2022. The FBI also distributed more than a thousand additional decryption keys to earlier Hive victims.
An application for a warrant states that the FBI accessed three servers at a California hosting provider, two dedicated and one virtual private server, which had been registered using email addresses believed to belong to members of Hive.
“This hidden site has been seized. The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware,” reads the seizure notice.
Thanks to this access, law enforcement verified that the servers in question served as the primary data leak site, negotiation site, and web panels for the operation’s administrators and affiliates.
The FBI verified the accuracy of the information it had obtained through the decryption key operation by comparing it to the database discovered on Target Server 2. This database contained records of communications between Hive members, hash values for malware files, details on 250 affiliates, and victim information.
So, what is Hive?
Hive is a ransomware-as-a-service (RaaS) operation launched by cybercriminals in June 2021. Its affiliates typically gain initial access to networks through phishing, security flaws in internet-facing devices, or purchased credentials.
Once inside a company's network, the attackers steal unprotected customer data and use it as leverage in their extortion demands.
The victims of the ransomware group’s attacks have ranged from the non-profit Memorial Health System to the retail giant MediaMarkt to the telecoms firms Bell Technical Solutions (BTS) and Tata Power to the New York Racing Association.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.