FBI Infiltrated Hive Network, Blocking Over $130 Million in Crypto Ransomware

The U.S. Justice Department announced Thursday the results of a months-long operation with the Federal Bureau of Investigation that actively disrupted the activities of the Hive ransomware group, which the agency says had targeted hospitals, schools, and banking in over 80 countries.

“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” U.S. Attorney General Merrick B. Garland said in a statement.

Since June 2021, the Justice Department says, the group has targeted more than 1,500 victims worldwide and received over $100 million in cryptocurrency ransom payments. The DOJ says the FBI’s operation to penetrate Hive’s network began in July 2022 and was able to provide over 1,300 decryption keys to help victims recover their data and systems—including critical infrastructure one.

The agency says the operation was coordinated with German and Dutch law enforcement, seizing control of the servers and websites used by Hive.

Ransomware is software that can lock a computer and demand a ransom to restore access. While any device connected to the internet could potentially be a victim of ransomware, phishing attacks are generally the primary attack vector.

According to the agency, Hive typically targets a victim by stealing sensitive data (emails, documents, pictures, and videos) and then encrypting their computer files. The group would then demand a ransom in Bitcoin for the decryption key necessary to restore the files and extort additional funds in exchange for a promise not to publish the stolen data on the dark web. If the victim did not pay, Hive would publish the stolen data.

Blockchain forensic firm Chainalysis recently reported the revenue from ransomware attacks has decreased by 40%, going from $766 million in 2021 to $457 million in 2022. The firm attributed the drop in ransomware payments to victims’ increasing unwillingness to pay and an increase in cybersecurity awareness, calling the takedown of Hive a victory for cryptocurrency, law enforcement, and national security.

“Cybercrime is a constantly evolving threat,” Garland said. “But as I have said before, the Justice Department will spare no resource to identify and bring to justice, anyone, anywhere, who targets the United States with a ransomware attack.”