
The Justice Department announced today that it has launched a disruption campaign against the Hive ransomware group. The group is responsible for targeting over 1,500 victims in over 80 countries around the world, including hospitals, educational institutions, financial firms, and critical infrastructure. Since June 2021, the group has received ransom payments totaling over $100 million in cryptocurrencies.
Since late July 2022, the FBI has been able to break into the computer networks used by Hive, seize its decryption keys, and offer them to victims all around the world. This has spared victims from paying the $130 million in ransom that was demanded of them. Since breaching Hive's network in July 2022, the FBI has distributed over 300 decryption keys to Hive victims who were under attack.
The FBI also gave out more than 1,000 additional decryption keys to former Hive victims. Finally, the department announced today that it has taken control of the servers and websites that Hive uses to communicate with its members. This will prevent Hive from attacking and extorting victims in the future.
The department worked in conjunction with German law enforcement and the Netherlands National High Tech Crime Unit to accomplish this. Hive operated on a ransomware-as-a-service (RaaS) business model. This model included administrators, who are also frequently referred to as developers, and affiliates.
RaaS is a subscription-based business model in which the creators or administrators of ransomware first produce a ransomware strain, then design an easy-to-use interface for operating it, and finally recruit affiliates to deploy the ransomware against victims. Affiliates chose targets, deployed this ready-made malicious software against victims, and then received a percentage of each successful ransom payment.