Advertisement
Alamy Stock Photo
hive mind

US shuts down global ransomware group Hive after international operation

An Garda Síochána assisted with the operation.

THE US JUSTICE Department has announced it has shut down the Hive ransomware group, under an internationally supported operation that included An Garda Síochána.

Hive operated as a ransomware service, meaning anyone could hire its software and other services to help hack into and lock down a target’s IT systems, and to process payments. Hive and the client would share the profits from the extortion.

Since it first emerged in 2021 more than 1,500 companies and institutions have been hacked – their IT systems or databases encrypted by Hive and backup deleted or rendered inaccessible.

Gardaí attached to the National Cyber Crime Bureau have participated in several operational meetings and are currently involved in the investigation of a number of Hive Ransomware incidents that targeted Irish victims.

US Attorney General Merrick Garland said that US authorities working with German and Netherlands law enforcement took over Hive’s website and servers after having infiltrated it for nearly seven months.

The infiltration helped hundreds of companies avoid paying $130 million in extortion demands made after Hive hacked and froze their data systems.

Deputy Attorney General Lisa Monaco called the operation to infiltrate Hive a “21st-century cyber stakeout.”

“We hacked the hackers,” she said.

The hackers would demand large payments, often in cryptocurrency, in exchange for freeing up the systems.

If victims refused to pay, Hive would publish confidential internal files and documents on the internet.

Irish-based victims of Hive have been provided with decryption keys for them to regain access to their data without paying the cybercriminals.

Detective Chief Superintendent at the Garda National Cyber Crime Bureau, Barry Walsh said: “This is an excellent result that has come from a lot of painstaking work carried out by Gardaí in the Cyber Crime Bureau and together with our colleagues across the world.

“It underscores the immense value of co-ordinating a collective law enforcement response to emerging criminality.

“The Hive Ransomeware Group has caused a great deal of distress to people in Ireland, and has upset their daily lives in more ways than one. This is not just about the monetary loss suffered by victims, but the significant disruption that a cyberattack causes.

“We will further maximise on this work and stay focused on targeting the tactics and methods of cybercriminals and which affect victims here in Ireland.”

Victims included German retail giant Media Markt, Costa Rica’s public health service, Indonesia’s state gas company and multiple US hospital groups, according to cybersecurity advisors.

Early yesterday, Hive’s website on the dark web was frozen and a screen alternating in English and Russian said it had been taken over by the US Federal Bureau of Investigation.

US officials said that by breaking into Hive’s dark-web site and collecting information, authorities were able to obtain the digital keys necessary to unlock a victim’s frozen data so that they were not forced to pay Hive.

This helped prevent a Texas school district, and Louisiana hospital, and an unnamed foods services company from having to pay millions of dollars in ransom after being hit by a Hive attack, for example, they said.

US authorities would not say who is behind Hive or whether any arrests would accompany the shutdown of the operation, saying the investigation is ongoing.

The investigation involved the US FBI, the German Reutlingen Police Headquarters, the German Federal Criminal Police, the Netherlands National High Tech Crime Unit, and Europol.

Additional reporting by AFP

Your Voice
Readers Comments
7
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel