US authorities seize assets of Hive ransomware group
San Francisco, Jan 27
The authorities in the US have seized the assets of the major ransomware group Hive, which has extorted thousands of victims for over $100 million in extortion payments after law enforcement infiltrated its systems and seized decryption keys of its attack software.
According to The Guardian, an international law enforcement coalition including the FBI and the department seized the website for the group, which was considered among the most dangerous and prolific hacker groups that targeted hospitals and public infrastructure.
Ransomware is a malicious attack that infiltrates a computer network and encrypts files. Hackers then demand a ransom in the form of cryptocurrency to unlock the system.
"In a 21st-century cyber stakeout, our investigative team turned the tables on Hive. Using lawful means, we hacked the hackers," the US deputy attorney general, Lisa Monaco, was quoted as saying.
Commenting on the developments around FBI disrupting Hive ransomware, Kimberly Goody, Senior Manager, Mandiant Intelligence, Google Cloud told IANS "In 2022, Hive was the most prolific family that we directly observed in incident response engagements, accounting for over 15 per cent of the ransomware intrusions that we responded to. Their victims have spanned a wide range of countries, but the most significant impact has been in the US, with 50 per cent of all its public victims being based here. The actors behind the operation continued to develop it including rewriting the ransomware in Rust in mid-2022."
Hackers behind Hive used a 'ransomware-as-a-service' model, selling their ransomware code to affiliates who carried out the actual attacks, making it harder for authorities to identify and investigate them, said the report.
Moreover, the senior justice department officials said -- FBI agents accessed Hive's network last year in order to provide victims with decryption keys so they could regain control of their systems, blocking about $130 million in ransom demands.
The Hive ransomware attack in the summer of 2021 prevented a hospital in the US midwest from accepting new patients and forced it to run all its operations on paper.
"The disruption of the Hive service won't cause a serious drop in overall ransomware activity but it is a blow to a dangerous group that has endangered lives by attacking the healthcare system," John Hultquist, Head of Mandiant Threat Intelligence, Google Cloud, said in a statement to IANS.
"Unfortunately, the criminal marketplace at the heart of the ransomware problem ensures a Hive competitor will be standing by to offer a similar service in their absence, but they may think twice before allowing their ransomware to be used to target hospitals. Actions like this add friction to ransomware operations," he added.
According to the US Treasury Department, ransomware attacks cost US organisations $886 million in 2021, the most recent year for which statistics are available, the report mentioned.