The FBI hacked the website of the ransomware group Hive
The FBI managed to hack into the website of Hive, one of the largest ransomware groups, set up surveillance of the ransomware operation and secretly stole the digital keys that the group used to unlock the data of victim organizations. The hacker group's website has been seized.
As of November 2022, the notorious and successful Hive group had used its ransomware to demand several hundred million dollars from more than 1,300 companies worldwide, many of them in the health care industry.
“Using legal means, we hacked the hackers, we outplayed them at their own game,” said Deputy Attorney General Lisa Monaco.
The cyber operation was led by the FBI office in Tampa, Florida, assisted by the cyber unit at FBI headquarters in Washington, D.C., as well as FBI officers stationed around the world in coordination with overseas partners.
FBI Director Christopher Wray revealed some details of the operation. In July 2022, FBI officers in Tampa were given secret permanent access to the Hive control panel. Since then, over the past seven months, FBI agents have used that access to help organizations from which hackers have extorted ransoms. In total, the FBI has been able to help more than 1,300 organizations – victims of cybercriminals around the world – by preventing at least $130 million in ransom payments.
Christopher Wray noted that about 20 percent of Hive ransomware victims reported potential problems to law enforcement. But according to Wray, Hive's threats were leveled even for those who did not report the hack.
The FBI director highlighted the role of German police headquarters Reutlingen, the German Federal Criminal Police, the Dutch National High Tech Crime Unit, and Europol in the operation.
The FBI warned that “today’s announcement is just the beginning. We will continue to gather evidence, build a map of Hive’s developers, administrators and partners, and use that knowledge to conduct arrests, seizures and other operations, in the United States and abroad.”
The FBI director addressed cybercriminals directly: “Wherever you are and however you twist to cover your tracks, your infrastructure, your criminal associates, your money, and your freedom are at risk. And there will be consequences.”
On the darknet, Hive’s website reported that it had been seized “as part of a coordinated effort by international law enforcement.”
One of the organizations affected by Hive in the United States was a 314-bed hospital in Louisiana. The hospital stopped the ransomware attack in October, but by that time the hackers had managed to steal the personal data of almost 270,000 patients.
The ransomware epidemic became relevant to U.S. law enforcement after hackers in May 2021 hacked Colonial Pipeline, a major operator of the U.S. East Coast fuel pipeline. Its operations were halted for days, causing long lines at gas stations in several states. The company was hacked, allegedly by hackers linked to Russia.
While extortion hacking remains a lucrative business, there are indications that actions by U.S. and European law enforcement over the past year have cut into hackers’ profits. International hackers’ revenue from ransomware fell to about $457 million in 2022, down from $766 million in 2021.