Product reviews, deals and the latest tech news

The US declares that it has taken control of the Hive ransomware gang’s leak sites and decryption keys

Law authorities in the United States and Europe have seized the infrastructure supporting the Hive ransomware operation, which is among the most successful of its kind.

Months after the federal government’s cybersecurity unit CISA raised the alarm about Hive’s continuous extortion activities, the U.S. Department of Justice, the FBI, the Secret Service, and various European government agencies collaborated to confiscate Hive’s dark web portal.

This hitherto unknown location has been discovered and captured. As part of a concerted law enforcement investigation against Hive Ransomware, the FBI has seized this site,” says a warning posted on the dark web leak site used by Hive. Together with the United States Attorney’s Office for the Middle District of Florida and the Department of Justice’s Computer Crime and Intellectual Property Section, as well as with significant contributions from Europol, this action has been taken.

On Thursday, the FBI stated that it has been able to access Hive’s network since July 2022, giving federal investigators the opportunity to seize and give decryption keys to victims throughout the world. U.S. Attorney General Merrick Garland announced at a news conference on Thursday that the FBI has assisted more than 1,300 victims of the Hive ransomware since taking control of the investigation. This has prevented victims from paying more than $130 million in ransom.

The government claims that the FBI stopped a Hive ransomware assault against a hospital in Louisiana, sparing the facility the need to pay a $3 million ransom. The FBI also stopped an attack on a school in Texas.

Hive, which uses a ransomware-as-a-service model, has historically focused on the healthcare and public health sectors. The Memorial Health System in Illinois was the first healthcare organisation the gang targeted in August 2021; subsequent victims included the public health service in Costa Rica and Empress EMS, a New York-based emergency response and ambulance service provider. In October, Hive also attacked Tata Power, one of India’s most important power utilities.

The FBI has seized two of Hive’s backend servers in Los Angeles, according to Garland, and has began destroying the company’s front and back-end infrastructure in the United States and internationally. Neither arrests nor indictments were made public by the FBI at the news briefing, and the agency did not explain how it had located the Hive servers.