The long arm of the law has grabbed the Hive ransomware operation, and it appears to have been shut down as part of a major law enforcement operation involving agencies in 10 countries. A message in English and Russian on the Hive ransomware operation’s Tor-based website reads: “The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware.” Another message says the action was taken in coordination with Europol and authorities in Florida, which indicates that more details will likely be made available in the upcoming period by the Justice Department and Europol.
See: https://redskyalliance.org/xindustry/stopransomware-hive-ransomware
The US Department of Justice has confirmed the dismantling of the Hive ransomware operation. Until law enforcement agencies confirm the shutdown of Hive, there is a slight chance that the cybercriminals themselves posted the website seizure notice. Hacker groups falsely claiming to have been shut down by police are not unheard of. A ransomware expert working for the threat intelligence company Recorded Future reported that the Hive infrastructure was seized. He also posted an image showing that many well-known ransomware groups have fallen.
The US government reported in November 2022 that the Hive ransomware gang had hit more than 1,300 businesses and made an estimated $100 million in ransom payments. Data collected by the DarkFeed deep web intelligence project shows that Hive was still active last week.
The Hive ransomware operation was launched in 2021. Offered under a Ransomware-as-a-Service (RaaS) model, the ransomware was often used against healthcare organizations and other critical infrastructure organizations. The hackers used malware to encrypt the target’s files, but not before stealing data that could be used to pressure the victim into paying up. A South Korean cybersecurity agency released a free decryptor for files encrypted with the Hive ransomware in the summer of 2022.
According to sources, the FBI infiltrated the Hive “control panel” in July 2022, allowing agents to identify victims and obtain decryption keys that allowed victims to recover encrypted files, preventing $130 million in ransom payments. In addition to seizing the domain associated with Hive’s leak website, law enforcement shut down servers used by cybercriminals to store data. Authorities continue investigating to identify the threat actors involved in the Hive operation, including developers, administrators, and affiliates.
View: https://redskyalliance.org/redshorts2022/15-hive-ransomware-methods
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
Comments