Authorities in the United States and Germany announced on Thursday the dismantling of a major attack network of ransomware of the world, called “hive“, accused of extorting some 1,500 entities in 80 countries. They estimate that, through extortion, they have raised at least $100 million.
Among the victims of Hive was the public health service of Costa Rica (a country also attacked by with you), Tata Power of India, the German retail giant Mediamarktthe Indonesian state gas company and several hospital groups in the United States.
But also local victims, such as Artear, in Argentina.
US Attorney General Merrick Garland said Hive’s servers were hijacked and its site on the “darkweb” – the part of the internet that Conventional browsers do not access them.
“Last night, the Justice Department took down an international ransomware ring responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” Garland said at a press conference in Washington.
The operation was carried out in coordination with the police forces of Germany and the Netherlands, as well as Europol, said the director of the US Federal Police (FBI), Christopher Wray.
After infiltrating a computer system, ransomware cybercriminals encrypt company data and demand payment to unlock it.
First detected in June 2021, Hive is alleged to have raised more than $100 million in ransom money. If victims refused to pay, Hive threatened to publish confidential internal files and documents online.
On Thursday, Hive’s darkweb site froze and a screen alternating between English and Russian said it had been taken over by the FBI.
Later, Europol confirmed that it managed to steal the encryption keys to return the hijacked files to the victims:
The operation
In June, the FBI successfully hacked into Hive’s networks and recovered its encryption key, which it offered to victims around the world over the next several months, allowing them to avoid paying a $130 million ransom, he said. said Wray.
Thanks to this, a Texas school district, a Louisiana hospital and an anonymous food service company, for example, did not have to pay millions of dollars in ransom money after being attacked by the Hive, US officials said.
The FBI also distributed copies of this key to former Hive victims so they could fully recover their data.
“Unfortunately, during these seven months, we have discovered that only the 20% of Hive victims had alerted the police“, said the FBI chief, who invited all companies and entities to contact their agents as soon as possible in the event of an attack.
The prosecutor’s office in Stuttgart, Germany, said in a statement that the operation, dubbed “Sunrise“, originated in an investigation that his services opened after the attacks on companies in the region.
However, these “did not give in to the blackmail and informed the authorities”, he stressed.
“Once again, it has been shown that the key is intense cooperation and mutual trust across borders and continents for an effective fight against the main cyber crimesa,” said Udo Vogel, police chief of Reutlingen (southwestern Germany), quoted in the statement.
“We hacked the hackers,” praised the number two of the US Department of Justice, Lisa Monaco.
“For months, we’ve been helping victims fight off their attackers and depriving the network of their criminal profits,” he said.
US authorities have not said who is behind Hive or whether there will be arrests after the operation closes. indicating that the investigation is ongoing.
The investigation involved the FBI, the German police headquarters in Reutlingen, the German Federal Criminal Police, the High-Tech Criminal Unit of the Netherlands and Europol.
Source: Clarin
Linda Price is a tech expert at News Rebeat. With a deep understanding of the latest developments in the world of technology and a passion for innovation, Linda provides insightful and informative coverage of the cutting-edge advancements shaping our world.