How Investigators Helped ‘Hive’ Ransomware Victims Recover Their Data

A dozen flags, the logos of various police agencies, and a message written in Russian, which Google translates roughly as: “This website was confiscated by the FBI as part of a concerted law enforcement action against malware.” The American and German authorities announced on Thursday the dismantling of one of the main ransomware attack networks in the world, dubbed “Hive”. The network is accused of having targeted some 1,500 entities in 80 countries and of having collected more than 100 million dollars in ransoms since June 2021.

In France, 58 victims of Hive – mainly companies or local authorities – have been identified by the judicial police, and 26 of them have filed a complaint. Among them are the companies Altice and Damart, the National School of Civil Aviation, the town hall of Annecy, and the community of Guadeloupe. The hackers behind this ransomware practiced “double extortion”. After infiltrating a computer system, they “encrypted the machines and stole the data they contained”, Commissioner Valentine Altmayer, of the cybercrime sub-directorate of the central directorate of the judicial police, explains to 20 Minutes.

“Mapping the attack infrastructure”

The victims then received an email asking them to pay a sum of money in exchange for a code that would allow them to unlock their computers and recover their data. “They also threatened to disclose the stolen information, and went so far as to call the victims and threaten them on social networks to put pressure on them,” the police officer continues. In an attempt to identify the perpetrators, the French investigators focused on analyzing the clues left by the hackers, then shared their findings with the services of 13 other countries with the aim of “mapping the attack infrastructure”.

Last October, the departmental council of Seine-Maritime was the victim of a “major computer attack”. The departmental public services had to operate for a time in “severely degraded mode”, its president, Bertrand Bellanger, explained at a press conference. But what the hackers did not know was that the FBI had managed to break into Hive’s networks four months earlier. The US agency had thus recovered the keys needed to decrypt victims’ data, which it offered to victims around the world over the following months. This cooperation spared victims from paying 130 million dollars in ransoms, FBI Director Christopher Wray said during a press briefing.

“Using the data collected during the operation”

With the help of Anssi (the National Agency for the Security of Information Systems), the judicial police “intervened discreetly to allow the departmental council of Seine-Maritime to recover its data” with this code, says Commissioner Altmayer. The maneuver enabled the Normandy authority to “recover 62 terabytes of data and restore the departmental council’s information systems in less than a month”, she continues.

The dismantling of Hive not only made it possible to “contain the threat” that this ransomware posed, but also advanced the investigations. Investigators around the world have thus “recovered a lot of data to try to identify the cybercriminals” who were at work, says Valentine Altmayer. The police officers working on this case will now meet next February, in Orlando, Florida, for a week, to “exploit the data collected during this operation, see what we can learn from it, divide up the remaining work and move forward together,” she concludes.
