One of the world’s leading ransomware attack networks has been taken down

It took the cooperation of the FBI, Europol, and German and Dutch police to bring it down. On Thursday, the American and German authorities announced the dismantling of one of the main ransomware attack networks in the world, dubbed “Hive”, accused of having targeted some 1,500 entities in 80 countries. “Last night, the Department of Justice dismantled an international ransomware network that extorted or attempted to extort millions of dollars from its victims,” Attorney General Merrick Garland said at a press conference in Washington.

First detected in June 2021, the criminal group Hive is accused of collecting more than $100 million in ransom. After infiltrating a computer system, ransomware operators encrypt corporate data and demand payment to unlock it. According to firms specializing in cybersecurity, Hive ransomware has been deployed against American hospitals, the German chain of electronics stores Telemarkt and the Indian giant Tata.

“We hacked the hackers”

The group’s servers were seized and the federal police took control of its site on the “dark web”, the part of the internet not referenced by conventional browsers, he said. “We hacked the hackers,” said Lisa Monaco, the number two at the US Department of Justice. “For months, we helped victims fight back against their abusers and deprived the network of its criminal profits,” she said.

By June, the FBI had successfully penetrated Hive’s networks and recovered its encryption key, which it offered to victims around the world in the following months, allowing them to avoid paying $130 million in ransoms, said Christopher Wray. The federal police had also distributed copies of this key to former Hive victims so they could fully recover their data.

“Unfortunately, during these seven months, we discovered that only 20% of Hive victims had alerted the police,” lamented the head of the FBI, calling on all companies and entities to contact his agents as soon as possible in the event of an incident. The prosecutor’s office in Stuttgart, Germany, said in a statement that the operation, dubbed “Dawnbreaker”, had its source in an investigation opened by its services after attacks against businesses in the region. Those businesses, however, “did not give in to blackmail and informed the authorities”, it added.

“Once again, it has been proven that intense and mutually trusting cooperation across borders and continents is the key to an effective fight against serious cybercrime”, said Udo Vogel, the head of police in Reutlingen (south-west Germany), quoted in the press release.
