Current:Home > Contact-usFBI says it 'hacked the hackers' to shut down major ransomware group-LoTradeCoin
FBI says it 'hacked the hackers' to shut down major ransomware group
View Date:2024-12-23 23:30:12
WASHINGTON — The Department of Justice on Thursday announced the destruction of the Russian-linked Hive ransomware group after a global law enforcement operation that ran for months.
The criminal syndicate sold ransomware tools and services to affiliates around the world starting in the summer of 2021, at the height of the COVID-19 pandemic.
They received more than $100 million in profits from victims who paid to get their data back or prevent it from being leaked. According to the Justice Department, Hive targeted more than 1,500 victims in over 80 countries, from hospitals to Costa Rica's public health agency, crippling businesses and harming critical infrastructure.
The FBI says it hacked into Hive's networks in July 2022, burrowing into its digital infrastructure to spy on the group's operations and gather important intelligence before ultimately dismantling the operation on Wednesday night.
"Simply put, using lawful means, we hacked the hackers," explained Deputy Attorney General Lisa Monaco during a press conference Thursday.
Assisting the victims
According to FBI Director Chris Wray, law enforcement officers were able to provide digital keys to victims who had notified the FBI. This allowed the victims to retrieve their files and return to business without paying a ransom. The Justice Department claims the intervention saved over $130 million in ransom payments, a figure that could have been higher had more victims come forward.
Additionally, the FBI and its partners in Europol and German and Dutch law enforcement were able to completely take over Hive's digital infrastructure, from its command and control servers to its darkweb extortion website where it advertises its victims and dumps stolen data.
On Wednesday evening, the leak site was replaced with a banner from the international group of law enforcement agencies announcing the seizure.
The infiltration and ultimate disruption of the Hive ransomware group is the latest effort by the Department of Justice to fight back against the plague of damaging and costly ransomware attacks in recent years.
In July 2021, the Biden administration launched the Ransomware and Digital Extortion Task Force, bringing together resources from the Justice Department and the Department of Homeland Security to seek and act on intelligence about ransomware.
The Justice Department has also sanctioned tools ransomware groups use to hide and move their money, seized cryptocurrency wallets belonging to ransomware groups, and arrested prominent ransomware actors.
A warning to other ransomware groups
The operation targeting Hive continues in a pattern of using several different tools to respond to ransomware groups in different ways.
"We've made it clear that we will strike back against cybercrime using any means possible," said Monaco, the deputy attorney general.
The Justice Department did not announce any specific arrests or information about how it located Hive's servers. When asked whether the group has ties to Russia or whether arrests might be announced in the future, Attorney General Merrick Garland said he wouldn't comment further on ongoing investigations.
Ransomware expert and cybersecurity analyst Allan Liska explained that the Justice Department's decision to disrupt Hive makes sense, because the intelligence value of hiding in their networks was decreasing.
"I think one of the big reasons is we've seen a significant slowdown in Hive attacks," he said. Without revenue from victims, Hive may have made the choice to shut down, he said. "So it makes sense as a good time to go ahead and seize everything and grab as much intelligence as you can from them."
Liska said he also expects the Justice Department to announce arrests in the future. But perhaps most importantly, the operation should inspire fear that the FBI is lurking in the networks of other ransomware groups, he added.
"So it's a pretty impressive operation overall. And I like the fact that they were very clear that, 'Yeah, we infiltrated their network and we spent what is it now, eight months in that network,'" said Liska. "That has got to have a whole lot of other ransomware groups really, really nervous right now."
While Hive has not been one of the most damaging ransomware groups, it was responsible for a large number of incidents.
According to Kimberly Goody, a senior manager at Mandiant Threat Intelligence and Google Cloud, Hive ransomware was found in over 15 percent of the intrusions her team responded to in 2022, over 50 percent of them in the United States and many impacting the healthcare sector.
Hive has been destroyed, but ransomware experts said the operators will most likely join other groups or rebuild, a common phenomenon in what's become a global industry.
Additionally, members in Russia will likely continue to operate with impunity, as the Russian state has often declined to pursue investigations, arrests, or extradite those charged to the United States.
However, the disruption forces those operators to pause and do costly and time-consuming work to rebuild.
"Actions like this add friction to ransomware operations. Hive may have to regroup, retool, and even rebrand," said John Hultquist, the head of Mandiant Threat Intelligence within Google Cloud.
"The disruption of the Hive service won't cause a serious drop in overall ransomware activity, but it is a blow to a dangerous group that has endangered lives by attacking the healthcare system," he said.
veryGood! (93)
Related
- A $1 billion proposal is the latest plan to refurbish and save the iconic Houston Astrodome
- Two deaths linked to listeria food poisoning from meat sliced at deli counters
- In RNC speech, Trump recounts surviving assassination attempt: I'm not supposed to be here
- Three courts agree that a woman deemed wrongfully convicted should be freed. She still isn’t.
- Opinion: NFL began season with no Black offensive coordinators, first time since the 1980s
- Alaska election officials to recalculate signatures for ranked vote repeal measure after court order
- Soccer Star Neymar Welcomes Baby No. 3 Less Than 9 Months After Daughter With Bruna Biancardi
- Lawsuit filed over Alabama law that blocks more people with felony convictions from voting
- Week 10 fantasy football rankings: PPR, half-PPR and standard leagues
- New judge sets ground rules for long-running gang and racketeering case against rapper Young Thug
Ranking
- Reds honor Pete Rose with a 14-hour visitation at Great American Ball Park
- Paris Olympics see 'limited' impact on some IT services after global tech outage
- Florida man arrested, accused of making threats against Trump, Vance on social media
- Louisiana Supreme Court Justice Jimmy Genovese to lead Northwestern State
- Kennesaw State football coach Brian Bohannon steps down after 10 seasons amid first year in FBS
- Tech outage halts surgeries, medical treatments across the US
- Get an Extra 70% Off J.Crew Sale Styles, an Extra 20% Off Pottery Barn Clearance & More Weekend Deals
- Reggie Miller praises Knicks' offseason, asks fans to 'pause' Bronny James hate
Recommendation
-
Brian Kelly asks question we're all wondering after Alabama whips LSU, but how to answer?
-
Laneige Is 30% Off Post-Prime Day in Case You Missed Picks From Alix Earle, Sydney Sweeney & More Celebs
-
Carroll Fitzgerald, former Baltimore council member wounded in 1976 shooting, dead at 89
-
The bodies of 4 Pakistanis killed in the attack on a mosque in Oman have been returned home
-
Roster limits in college small sports put athletes on chopping block while coaches look for answers
-
Nevada judge who ran for state treasurer pleads not guilty to federal fraud charges
-
Team USA sprinter Quincy Hall fires back at Noah Lyles for 4x400 relay snub
-
A man kills a grizzly bear in Montana after it attacks while he is picking berries