Internet
Investigators dismantle criminal cyber group
A group of criminals is said to have carried out 1,500 serious cyber attacks against companies and organizations in the past year and a half. photo
© Sebastian Gollnow/dpa
A hacker group has been blackmailing companies and organizations on a large scale. Now investigators from all over the world have broken up the network – with crucial support from Germany.
Investigators from Germany and the USA have struck a major blow against an international network of cybercriminals and extortionists. The hacker group is said to have been responsible for more than 1,500 serious cyber attacks against companies and organizations worldwide in the past year and a half, according to the US Department of Justice and the public prosecutor’s office in Stuttgart.
More than 70 attacks were directed against facilities in Germany. According to investigators’ estimates, the damage caused to the affected companies and public institutions should “run into the billions”.
“Since July of last year, we have assisted more than 300 victims around the world, preventing approximately $130 million in ransom payments,” US Attorney General Merrick Garland said at a news conference in Washington. The network is the “Hive Ransomware” group, which not only encrypts the victims’ important data, but has also developed blackmail tools to put pressure on the victim by publishing sensitive data. The network has stolen more than 100 million US dollars (around 92 million euros) in ransom payments in recent years.
Ransomware has been considered the most serious cybersecurity threat for years. Malicious software that has been smuggled in blocks companies or paralyzes their infrastructure. The blackmail that usually follows is a particularly lucrative business. Billing is often done in the digital currency Bitcoin.
Crucial information came from Esslingen
Cyber specialists in Esslingen (Baden-Württemberg) managed to penetrate the criminal IT infrastructure of the perpetrators last year, according to the Stuttgart public prosecutor’s office. They had therefore determined because a company in the district had been the victim of an attack. The specialists could then have traced back the previously unknown “Hive” network and finally given the international partners the decisive clue, it said. In the course of the investigation, servers were confiscated and network services made inaccessible.
“Put simply, we hacked the hackers by legal means and turned the tables,” US Assistant Attorney General Lisa Monaco summarized the investigators’ actions. These would have captured decryption keys again and again and passed them on to the victims in order to free them from the ransomware. “We have made it clear that we will use all available means to combat cybercrime,” stressed Monaco. Hospitals, school districts, financial companies and also areas of critical infrastructure were among the victims.
Garland thanked the international partners – especially Germany and the Netherlands – for the cross-border cooperation. “We will continue to smash the criminal networks that carry out such attacks,” announced the minister. He cited an attack on a hospital in the United States as an example of what the criminals were doing. Because of the attack, the clinic was no longer able to accept new patients and no longer had access to electronic patient data.