The FBI and the US Department of Justice took down the infrastructure of the Hive ransomware group on Thursday, announcing that their agents had been inside the group's systems since July 2022.
FBI Director Christopher Wray said agents gained access to the control panel used by Hive operators seven months ago, allowing them to identify victims and offer decryption keys to more than 1,300 victims around the world. In this way they prevented at least 130 million dollars in ransom payments.
“Unbeknownst to the Hive team, our research team legitimately infiltrated the Hive network and hid there for months, repeatedly stealing decryption keys and giving them to victims to free them from the ransomware,” said Deputy Attorney General Lisa Monaco during a press conference on Thursday.
“For months, we helped victims defeat attackers and deprived the Hive network of high blackmail profits. Simply put, using legal means, we hacked the hackers and took down their business model.”
The agencies reported that Hive has targeted 1,500 victims in more than 80 countries since it surfaced in June 2021, and Attorney General Merrick Garland listed dozens of specific cases where they were able to help victims deal with ransomware attacks.
The group earned at least $100 million in its first year of operation.
Christopher Wray said the operation was carried out in collaboration with Europol and law enforcement agencies in Germany, the Netherlands, Canada, France, Ireland, Lithuania, Norway, Portugal, Romania, Spain, Sweden and the United Kingdom.
He also noted that during their presence in Hive's systems, they found that only about 20% of victims reported ransomware incidents to authorities, stressing that victims simply pay the ransom.
No arrests have been announced at this time, but Wray told reporters that "anyone involved with Hive should be concerned because this investigation is still ongoing."
Wray said the FBI's work in this case was special because they've never had this kind of access to the backend of a ransomware group.
Technical details: https://www.cisa.gov/uscert/ncas/alerts/aa22-321a