FBI Hacked Hive Ransomware Gang's Servers To Save Victims From Extortion

JAKARTA - The FBI (US Federal Bureau of Investigation) revealed on Thursday, January 26, that it had secretly hacked and disrupted a prolific ransomware gang called Hive. The maneuver allowed the bureau to stop the group from collecting more than $130 million (Rp1.94 trillion) in ransom demands from more than 300 victims.

At a news conference, US Attorney General Merrick Garland, FBI Director Christopher Wray, and US Deputy Attorney General Lisa Monaco said government hackers broke into Hive's network, put the gang under surveillance, and secretly stole the digital keys the group used to unlock victim organizations' data.

They were then able to notify victims in advance, so that the victims could take steps to protect their systems before Hive demanded payment.

"Using lawful means, we hacked the hackers," Monaco said. "We turned the tables on Hive."

News of the takedown first emerged on Thursday morning, when Hive's website was replaced with a flashing message reading: "The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware."

Hive's servers were also seized by the German Federal Criminal Police and the Dutch National High Tech Crime Unit.

"Intensive cooperation across borders and continents, characterized by mutual trust, is the key to fighting serious cybercrime effectively," German police commissioner Udo Vogel said in a statement from police and prosecutors in the state of Baden-Wuerttemberg, who assisted in the investigation.

Reuters was not immediately able to find contact details for Hive. It is unclear where the gang is based.

The Hive takedown differs from several other high-profile ransomware cases announced by the US Department of Justice in recent years, such as the 2021 cyberattack on Colonial Pipeline Co.

In that case, the Department of Justice seized about $2.3 million (Rp34.3 billion) in cryptocurrency after the company had paid the hackers.

Here, there was no seizure, because investigators intervened before Hive demanded payment. The covert infiltration, which began in July 2022, went undetected by the gang until now.

Hive is one of the most prolific of the many cybercriminal gangs that extort international businesses by encrypting their data and demanding huge payments in cryptocurrency in return.

The Justice Department said that over the years Hive had targeted more than 1,500 victims in 80 countries and had extracted more than $100 million in ransom payments.

Although no arrests were announced on Thursday, Garland said the investigation was ongoing, and a department official told reporters to "stay tuned" for further developments.

Garland said the FBI operation helped many victims, including a school district in Texas.

"The bureau gave the decryption key to the school district, saving it from paying a $5 million ransom," he said. A Louisiana hospital was also spared a $3 million ransom demand.

Hive is a ransomware-as-a-service (RaaS) organization, meaning it farms out parts of its hacking operation to affiliates in exchange for a cut of the extortion proceeds.

Canadian researcher Brett Callow, of cybersecurity firm Emsisoft, said in an email that Hive was "one of the most active groups, if not the most active."

International law enforcement has struggled for years to defeat the hydra-like specter of ransomware, which has periodically crippled companies, government agencies and, increasingly, critical infrastructure.

Hive's hackers will most likely soon set up shop under a different brand or be recruited into other RaaS groups, said Jim Simpson, director of threat intelligence at British company Searchlight Cyber.

Simpson nonetheless welcomed the move, saying that "regardless, the operation has imposed significant costs on Hive's activity."