The US Department of Justice (DOJ) announced Thursday that it has been conducting a disruption campaign, spanning several months, against a ransomware group known as Hive. Ransomware is a kind of malicious software that makes it impossible to access a computer’s files unless a ransom is paid. Hive’s ransomware attacks focused on victims in critical infrastructure and international business. The group extorted millions of dollars in cryptocurrency through ransom payments.
News of the disruption broke Thursday morning after the FBI seized Hive’s website. In a news conference after the seizure, FBI Director Christopher Wray revealed that in July 2022, “FBI Tampa gained clandestine, persistent access to Hive’s control panel.”
Since then, the FBI has provided decryption keys to victims, saving them from paying over $130 million in ransom fees while keeping Hive unaware. The bureau identified Hive’s victims and has offered around 1,300 of them the decryption keys to prevent ransom payments. According to the DOJ, Hive has targeted around 1,500 victims in over 80 countries, making over $100 million through ransom payments.
Hive’s servers have also been seized by the German Federal Criminal Police and the Dutch National High Tech Crime Unit.