FBI Shuts Down Hive Ransomware Gang After Infiltration Operation

By Staff Writer.

After six months of covert disruptions, the Federal Bureau of Investigation (FBI) shut down the Hive ransomware group last week, disabling their services and websites.
“We hacked the hackers,” said the law enforcement agency in media statements. However, the agency made no arrests.

Detailing the operation, the Department of Justice (DOJ) confirmed that the FBI infiltrated the Hive ransomware group in July 2022. They began a disruption campaign, which included providing more than 300 decryption keys to Hive targets and, in the process, deprived the cyber-gang of approximately US$130 million in potential ransom payments.

“The FBI has labelled Hive a top five ransomware threat, both for its technical sophistication and for the harm it can inflict on victims,” said US Deputy Attorney General Lisa Monaco. “But for all the group’s technical prowess, it could not outfox our prosecutors, agents, and international law enforcement coalition.”

Hive developed the ransomware in June 2021 and sold it as a ransomware-as-a-service, providing the product to other cyber-groups, with Hive collecting 20% of the ransom. Since becoming embedded in the system in July, the FBI watched and waited while criminals targeted victims and issued ransoms.

The FBI said these slow-burn infiltrations of cyber-gangs were becoming more common. This most recent success followed the FBI’s involvement in Operation Ironside, which saw that agency and the Australian Federal Police (AFP) take over AN0M, a dedicated encrypted communications platform favoured by professional criminals. US Attorney General Merrick Garland says the FBI will continue to disrupt the rising threat of cyber-criminal enterprises.

“We hide in the network. We watch as they proceed with their attacks, we discover the keys, and we deliver the keys to the victims so that they can decrypt their systems and don’t have to pay the ransom,” he said last week about Hive. “Finally, we take down the infrastructure. We take down the servers that power Hive’s ability to go ahead. We can only do that once we’re able to locate where the servers are, and that’s what we were able to do only very recently, and we resolved the matter last night.”

Led by FBI investigators from the Tampa Division, one of the last breakthroughs was locating two back-end server computers, located in Los Angeles, that were used to store critical network data. Once identified, the FBI obtained court orders, and the servers were seized.

“The seizure of both the dedicated leak site and victim negotiation portal is a major setback to the adversary’s operations,” said Adam Meyers, head of intelligence at CrowdStrike. “Without access to either site, Hive affiliates will have to rely on other means of communication with their victims and will have to find alternate ways to publicly post victim data.”

Since shutting down the Silk Road marketplace in 2013, the FBI has steadily increased its cyber-disruption activities, including making some arrests. In mid-2021, the FBI took the DarkSide cyber gang offline and shut it down. Later that year, members of the notorious REvil gang were arrested, with some money retrieved and returned to victims.

“We will not rest when it comes to Hive and its affiliates,” said Garland. “If you target victims here in the United States, we will target you.”
