The hackers have attacked more than 1,500 companies since mid-2021
Photo: Sebastian Gollnow / dpa
Where the Hive hackers until recently made their latest attacks public, a banner from the US authorities is now displayed: "The FBI confiscated this site as part of a coordinated investigation," says the darknet site, which once belonged to the so-called ransomware gang.
Now, among other things, the logos of the US Department of Justice, the cybercrime department of the Federal Criminal Police Office and the police headquarters in Reutlingen in Baden-Württemberg can be seen there.
The authorities are all involved in an international cooperation against Hive, which became known on Thursday.
"A large number of servers were confiscated, data and accounts of the network and its users were secured," said the Stuttgart public prosecutor's office and the Reutlingen police headquarters, among others.
Investigators generally suspect that many ransomware extortionists operate out of Russia.
As a message to the cybercrime scene, the shutdown banner on Hive's dark web site was therefore also published in Russian.
The hackers had attacked more than 1,500 companies since mid-2021, including 70 in Germany, the authorities said on Thursday.
Three of them were in Baden-Württemberg.
The Criminal Investigation Directorate in Esslingen had tracked down the network during investigations into a company affected there.
In Germany, Hive was associated, among other things, with a successful attack on MediaMarktSaturn in November 2021.
At that time, the company's data was encrypted and the blackmailers are said to have demanded a ransom of 50 million dollars.
The US Department of Justice in Washington said that since June 2021, the network has extorted more than $100 million in ransom with its ransomware.
Hospitals, school districts, financial firms and important infrastructure in more than 80 countries were affected.
The FBI "secretly infiltrated the Hive network," the US Department of Justice said on Twitter.
Ransom demands of over $130 million were thwarted.
It was not initially known how exactly the authorities found out about the criminals.
No information was made public about possible arrests or the backers of the hackers.
Hive is a so-called ransomware group.
Such cybercriminals encrypt their victims' data and thus paralyze their systems.
The attackers usually only release the data again after those affected have paid a ransom.
To increase the pressure on their victims, the criminals have for some time also been publishing parts of the stolen data.
ani/hpp/Reuters