The FBI dismantles the largest ransomware ring and frees the victims


Senior US officials said Thursday that the FBI launched an attack against Hive ransomware, one of the most prolific ransomware gangs, to disrupt its operations and rescue victims.

After hacking into the gang's infrastructure last summer, the FBI seized the gang's payments and privacy-infringement website as part of an international law enforcement operation.

The US Department of Justice and Europol announced today that the FBI secretly infiltrated the infrastructure of the Hive ransomware gang in July 2022 and has been secretly monitoring the gang's activities ever since.

The administration said in a statement that the operation allowed the FBI to detect attacks before they happened, warn targets, obtain decryption keys and distribute them to victims, and avoid the payment of nearly $130 million in ransom.

She added, “Since the (Hive) network was hacked in July 2022, the FBI has released more than 300 decryption keys to the hacked (Hive) victims. More than 1,000 additional decryption keys have been distributed.”

As part of the operation, the FBI was given access to two dedicated servers and one virtual private server rented from a California hosting provider with the email addresses of the gang members. As part of a coordinated operation, Dutch police also gained access to two dedicated backup servers hosted in the Netherlands.

With this access, law enforcement has identified the servers as gross privacy-infringing websites, trading sites, and web forums used by gang operators and their associates.

The ransomware gang's Tor site now displays a seizure notice listing a number of other countries involved in the enforcement action, including Germany, Canada, France, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, and the United Kingdom.

Unlike previous takeover messages used by law enforcement agencies, this is an animated GIF that switches between English and Russian messages, warning other ransomware gangs of their operations.

The message text: “This hidden site has been seized. The FBI has seized this page as part of a coordinated law enforcement operation against Hive ransomware.”



