We Turned Hive On its Head: The US Takes Down a Ransomware Gang

One of the world’s largest hacking groups, Hive, was hacked in a joint US-German action to stop the gang from collecting more than $130 million in ransom payments from some 300 victims, the FBI said Thursday.

These victims included hospitals and school districts across the country. The ransomware gang is famous for attacking healthcare organizations. During the investigation, data received from the websites was delivered to victims from 80 countries around the world, Bloomberg reported.

Hive’s servers were also seized by the German Federal Criminal Police and the Netherlands National High-Tech Crime Unit.

US government hackers used ethical methods to break into the Hive network and place the gang under surveillance, said US Attorney General Merrick Garland, FBI Director Christopher Wray and US Deputy Attorney General Lisa Monaco at a press conference on Thursday. This helped the government gain access to the digital keys used by the group to unlock victim organizations’ data.

“Using legal means, we hacked the hackers,” Monaco told reporters. “We turned Hive upside down,” they said.

News of the takedown first leaked when the Hive website was replaced by a flashing message: “The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action against Hive Ransomware,” Reuters reported on Thursday.

In a statement from the Baden-Wuerttemberg state police, German Police Commissioner Udo Vogel said that intensive cooperation across national borders and continents, strengthened by mutual trust, is the key to fighting cybercrime.

How is the takedown of Hive different from other high-profile ransomware cases in the US?

The recent hacking of the ransomware gang by US authorities differs from previous high-profile ransomware cases because this time the victims were spared from paying the ransom.

Previous US government crackdowns on hackers, such as the one that followed a 2021 cyberattack on Colonial Pipeline Co., resulted in some $2.3 million in cryptocurrency ransom being seized after the company had already made the payment to the hackers.

This time, the government was able to step in before Hive could demand the payments. The covert infiltration, which began in July 2022, went undetected by the gang until now.

More than 1,500 victims fell prey to ‘Hive’

According to the US Department of Justice, Hive has targeted more than 1,500 victims in 80 countries and has collected more than $100 million in ransomware payments, Reuters reported.

The news agency also reported that the investigative agency is expected to make some arrests in the case in the near future. Hive was responsible for at least 11 ransomware incidents involving US government organizations such as schools and healthcare providers last year, said Canadian researcher Brett Callow of cybersecurity firm Emsisoft.

“Hive is one of the most active groups, if not the most active,” he said in an email to Reuters.