The Ministry of Justice, FBI, Europol and others succeeded in dismantling the ransomware group 'Hive' targeting more than 1,500 people in more than 80 countries around the world

On January 26, 2023, the U.S. Department of Justice invaded the network of the ransomware group 'Hive' and obtained the decryption key for decrypting the ransomware. It announced that it blocked payment of 10,000 dollars (about 17 billion yen). In addition, the FBI has already revealed that it has been infiltrating the Hive network since July 2022 and obtaining the decryption key.

US Department of Justice Disrupts Hive Ransomware Variant | OPA |
https://www.justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant

Director Christopher Wray's Remarks at Press Conference Announcing the Disruption of the Hive Ransomware Group — FBI
https://www.fbi.gov/news/speeches/director-christopher-wrays-remarks-at-press-conference-announcing-the-disruption-of-the-hive-ransomware-group


Cybercriminals stung as HIVE infrastructure shut down | Europol
https://www.europol.europa.eu/media-press/newsroom/news/cybercriminals-stung-hive-infrastructure-shut-down

Hive ransomware attacks have wreaked havoc around the world. In some cases, hospitals, especially those struggling to respond to the new coronavirus pandemic, have been attacked by ransomware, and in some cases the attack has made it impossible to accept new patients.

According to the Justice Department, Hive used a model called `` Ransomware as a Service (RaaS) ''. RaaS is a subscription-based model in which a group of developers creates ransomware and an easy-to-use interface to operate it, and gives it to attackers.

Then, the attacker will deprive the victim of the ransom twice under the condition of ``decrypting the confidential data encrypted by ransomware'' and ``not disclosing the confidential data obtained at the same time''. It seems that the developer group was rewarded with 20% of the ransom received by the attacker.

Since late July 2022, the FBI has invaded Hive's computer network, obtained more than 300 decryption keys, and provided them to victims. The FBI said, ``Unfortunately, we found that only about 20% of the victims reported to law enforcement that they had been hit by Hive,'' and reported the damage to law enforcement. It claims to be able to decrypt encrypted sensitive data.

After that, the FBI and the Justice Department cooperated with Europol (European Criminal Police Organization) and announced that they had succeeded in gaining control of the servers and websites used by Hive. According to this investigation, it was possible to prevent payment of ransom of more than $ 130 million. 'We will continue to gather evidence to identify Hive developers, administrators, and people involved, and share it with the FBI and our domestic and international partners to aid in arrests, seizures, and other operations,' the FBI said in a statement. ' said.

The Hive ransomware group, which targeted governments, businesses, and organizations worldwide, was successfully disrupted. This coordinated operation with our global partners prevented $130 million+ in ransom payments. #ReportTheCompromise to https://t.co/lEI0AleTdE pic.twitter.com /t09gqR3wBH

—FBI (@FBI) January 26, 2023

“Cybercrime is an ever-evolving threat,” said Attorney General Merrick Garland. We will spare no resources to prevent ransomware attacks, we will continue to work to both prevent ransomware attacks and assist targeted victims, and we will continue to deploy these attacks with our international partners. We will continue to destroy the criminal networks that threaten us,” he said.