What just happened? In what could fairly be described as deliciously ironic, a notorious ransomware-as-a-service (RaaS) gang has been brought down after the FBI infiltrated its systems, disrupted its operations, and seized its websites. Or, as the Deputy US Attorney General put it, they "hacked the hackers."
Speaking at a news conference, US Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy US Attorney General Lisa Monaco announced that the government covertly infiltrated the Hive ransomware gang's networks in July 2022 before launching a six-month monitoring operation.
During this infiltration, the government was able to obtain more than 300 decryption keys from Hive and distribute them to victims who were under attack, preventing around $130 million in ransom payments, including $5 million from a Texas school district. The feds also distributed over 1,000 additional decryption keys to earlier Hive victims.
The FBI used its access to Hive's infrastructure to warn targets about impending attacks, giving them time to harden their systems and prepare. Hive's Tor payment and data leak sites were also seized.
According to Bleeping Computer, the FBI gained access to two dedicated servers and one virtual private server at a hosting provider in California that had been leased using email addresses belonging to Hive members. In a coordinated move, Dutch police also gained access to two dedicated backup servers hosted in the Netherlands. Law enforcement confirmed that these servers acted as the primary data leak site, negotiation site, and web panels for Hive and its affiliates.
As per the affidavit: "In addition to decryption keys, when the FBI examined the database found on Target Server 2, the FBI found records of Hive communications, malware file hash values, information on Hive's 250 affiliates, and victim information consistent with the information it had previously obtained through the decryption key operation."
An FBI message (above) on the seized Hive Tor site notes that many countries were involved in the coordinated takedown, including Germany, Canada, France, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, and the UK.
"Using lawful means, we hacked the hackers," Monaco told reporters. "We turned the tables on Hive."
Hive, which launched in June 2021, targeted more than 1,500 victims in 80 different countries over its lifetime. As with other RaaS operations, it rented out its malware to other criminals in exchange for a cut of the ransom.
The gang had collected more than $100 million in ransom payments, and while no arrests were announced, a department official suggested that may soon change. Unlike some other ransomware operators, Hive never stated any intent to avoid targeting hospitals or emergency services.
Masthead credit: Sebastiaan Stam