The FBI has successfully infiltrated the Hive network, one of today’s most active and sophisticated ransomware groups. The operation, conducted in collaboration with German and Dutch law enforcement, has resulted in the group’s seizure of servers and websites and the blocking of over $130 million in crypto ransom payments.
“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” U.S. Attorney General Merrick B. Garland said in a statement.
Since June 2021, the group has targeted over 1,500 victims worldwide and received over $100 million in cryptocurrency ransom payments. The FBI’s operation to penetrate Hive’s network began in July 2022 and was able to provide over 1,300 decryption keys to help victims recover their data and systems, including critical infrastructure.
Hive normally targets a victim by stealing sensitive data (emails, documents, images, and videos), after which it encrypts their computer files, according to the agency. The organization would then demand a Bitcoin ransom for the decryption key required to recover the files and demand further money in return for a pledge not to post the stolen information on the dark web. If the victim didn’t pay, Hive would release the information that was taken.
According to new data from blockchain forensics company Chainalysis, ransomware attack income has dropped by 40%, from $766 million in 2021 to $457 million in 2022. The company described the removal of Hive as a success for cryptocurrencies, law enforcement, and national security. It blamed the decline in ransomware payments on victims’ growing reluctance to pay and an increase in cybersecurity knowledge.
“Cybercrime is a constantly evolving threat,” Garland said. “But as I have said before, the Justice Department will spare no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack.”