Authorities in the United States and Germany announced on Thursday the dismantling of one of the world's leading ransomware attack networks, dubbed "Hive," which is accused of having extorted money from some 1,500 entities in 80 countries.
They estimate that the group raised at least $100 million through extortion.
Hive's victims included Costa Rica's public health service (a country that was also hacked by Conti), India's Tata Power, German retail giant Media Markt, Indonesia's state-owned gas company, and various hospital groups in the USA.
There were also local victims, such as Artear in Argentina.
US Attorney General Merrick Garland said Hive's servers and its site on the "darkweb" - the part of the internet not accessible by conventional browsers - were seized.
"Last night, the Department of Justice dismantled an international ransomware ring responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world," Garland said at a news conference in Washington.
The operation was carried out in coordination with the police forces of Germany and the Netherlands, as well as with Europol, said the director of the US federal police (FBI), Christopher Wray.
After infiltrating a computer system, ransomware cybercriminals encrypt company data and demand payment to unlock it.
First detected in June 2021, Hive is accused of collecting more than $100 million in ransom.
If victims refused to pay, Hive threatened to post confidential internal files and documents online.
On Thursday, Hive's darkweb site was frozen and a screen that alternated between English and Russian said it had been taken over by the FBI.
Later, Europol confirmed that they managed to steal the encryption keys to return the hijacked files to the victims.
The operation
By June, the FBI had successfully penetrated Hive's networks and recovered its encryption key, which it offered to victims around the world in the months that followed, allowing them to avoid paying $130 million in ransoms, Wray said.
Thanks to this, a Texas school district, a Louisiana hospital and an unnamed food service company, for example, did not have to pay millions of dollars in ransom after being attacked by Hive, US officials said.
The FBI also distributed copies of this key to former Hive victims so they could fully recover their data.
"Unfortunately, during these seven months, we discovered that only 20% of the Hive victims had alerted the police," said the FBI chief, who called on all companies and entities to contact their agents as soon as possible in case of attack.
The Stuttgart, Germany, prosecutor's office said in a statement that the operation, dubbed "Dawnbreaker," originated from an investigation that its services opened after attacks against companies in the region.
These, however, "did not give in to the blackmail and informed the authorities," it stressed.
"Once again, it has been shown that intensive and mutually trusting cooperation across borders and continents is the key to an effective fight against major cybercrime," said Udo Vogel, police chief of Reutlingen (southwestern Germany), cited in the statement.
"We hacked the hackers," celebrated the number two of the US Department of Justice, Lisa Monaco.
"For months, we helped victims fight their attackers and deprived the network of their criminal profits," she said.
US authorities did not say who is behind Hive or if there would be any arrests after the operation, indicating that the investigation is ongoing.
The investigation involved the FBI, Germany's Reutlingen Police Headquarters, Germany's Federal Criminal Police, the Netherlands' National High-Tech Crime Unit, and Europol.