The FBI Successfully Seizes the "Treasure" of the World's Most Ferocious Hive Ransomware Gang
JAKARTA - The FBI has just seized the computer infrastructure of the notorious Hive ransomware gang, which has extorted more than $100 million from its victims worldwide.
For seven months, the FBI secretly infiltrated the Hive ransomware gang's systems and captured the keys needed to decrypt data locked by the group's ransomware.
The group's dark web site, where Hive listed its victims, now displays a message in English and Russian stating that it has been seized by the FBI, the Secret Service, and a number of European government agencies.
Since June 2021, Hive has targeted more than 1,500 victims globally, including disrupting health service providers during the peak of the COVID-19 pandemic. The victims paid a ransom of more than IDR 1.4 trillion to the group.
While lurking on Hive's network, the FBI halted several attacks, including attacks on Louisiana hospitals, food service companies, and Texas school districts.
The investigation led to two servers in Los Angeles, which FBI agents seized under court orders on Wednesday evening, January 25. Law enforcement from the Netherlands and Germany contributed to the operation.
"In 21st-century cyber reconnaissance, our investigative team turned things around in Hive, swiped their decryption key, passed it on to victims, and eventually prevented more than $130 million in ransomware payments," Deputy Attorney General Lisa Monaco said at a press conference, as quoted by The Guardian on Friday, January 27.
"Simply put, by using legal means, we hacked the hackers," she added.
Like many other groups, Hive operates a ransomware-as-a-service model in which affiliates subscribe to use the group's malware strain and infrastructure to carry out attacks.
"It's not really hiding in sight, it's just hiding. We were hiding and we watched as they continued their attack and we found the key and gave the keys to the victims," said Attorney General Garland.
The actors behind Hive use what cybersecurity experts call a multiple extortion model: they exfiltrate victims' data before encrypting their systems, and if victims do not pay, the hackers threaten to release the data publicly.
According to FBI Director Christopher Wray, only 20 percent of the victims observed by the agency while spying on Hive networks reported it to law enforcement.
"Fortunately, we were still able to identify and help many victims who did not report. When victims report an attack to us, we can help them and others as well," Wray said.
Wray added that no charges have yet been filed against Hive's developers, but he said the US would continue to work with international partners to seize additional Hive infrastructure and apprehend the developers and their affiliates.
Unfortunately, arrests of ransomware actors are rare, as many live in Russia, a known safe haven for cybercriminals.
In November, the US Department of Justice teamed up with Canadian police to arrest a dual Russian-Canadian citizen for allegedly participating in LockBit ransomware attacks.
As with many other ransomware groups, it is possible that Hive's affiliates will scatter or regroup under different names.