The FBI seized the website of an infamous ransomware gang that, over the past few years, hacked thousands of companies in the health care and public health fields and held the stolen information for ransom, officials announced on January 26.
According to a news briefing from the Department of Justice, the ransomware group known as Hive had its website hacked by the FBI and ultimately taken down, as stated in a notice posted on the group’s dark web site.
It’s not clear how the seizure will impact the group’s future operations.
At a news conference, FBI Director Christopher Wray said the bureau gained access to Hive’s computer networks, which allowed officials to obtain decryption “keys” and pass them to victims of attacks so that they could decrypt their systems and avoid having to pay $130 million in ransom payments.
“Simply put, using lawful means, we hacked the hackers,” Deputy Attorney General Lisa Monaco told reporters.
Last year, a U.S. government advisory bulletin stated that Hive cybercriminals were responsible for targeting 1,300 companies worldwide with ransomware.
The group has received over $100 million in ransomware payments by hacking systems in critical infrastructure sectors such as health care, government facilities and manufacturing.
In one instance in October 2022, a 314-bed hospital in Louisiana was targeted by the group. Although the hospital managed to block the ransomware attack to some degree, the hackers were able to steal the personal data of 270,000 patients in the process.
“Hive compromised the safety and health of patients in hospitals — who are among our most vulnerable population,” said Errol Weiss, chief security officer for the Health Information Sharing and Analysis Center. “When hospitals are attacked and medical systems go down, people can die.”
Ransomware, as the name suggests, refers to a technique used by hackers to encrypt computer networks with malicious software, steal data and then demand large sums of money in return for that data.
The Justice Department said the Hive website seizure is the latest in its push to strengthen cybersecurity across companies and critical infrastructure and to crack down on cybercrime, particularly ransomware groups.
The U.S. government has been the target of several high-profile ransomware attacks in recent years.
In one attack in May 2021, hackers targeted the largest fuel pipeline in the country, causing the pipeline’s operations to shut down and leading to millions of dollars being paid out in ransom.
Since then, the U.S. government has largely recovered the funds.
Officials said they are using a variety of tools to counter ransomware attacks. Conventional law enforcement measures, such as arrests and prosecutions, play a significant role in these efforts.
For instance, in October 2021, a Ukrainian hacker was arrested while traveling to Poland. He was charged in connection with several ransomware attacks that took place prior to the Fourth of July weekend that year.
According to data from cryptocurrency-tracking firm Chainalysis, ransomware revenue fell from $766 million in 2021 to $457 million in 2022, thanks in part to international law enforcement efforts.
While experts believe the disruption to the Hive group is a positive sign, they do not believe it will deter ransomware activity going forward.
“The disruption of the Hive service won’t cause a serious drop in overall ransomware activity but it is a blow to a dangerous group that has endangered lives by attacking the healthcare system,” said John Hultquist, an analyst with cybersecurity firm Mandiant. “Unfortunately, the criminal marketplace at the heart of the ransomware problem ensures a Hive competitor will be standing by to offer a similar service in their absence, but they may think twice before allowing their ransomware to be used to target hospitals.”
Wray said the FBI is committed to bringing the individuals behind Hive to justice.