An international law enforcement effort has disrupted the infrastructure of the Hive ransomware group. Authorities have seized US-based servers and have shut down two of the group’s data leak sites. The takedown effort was aided by FBI agents who infiltrated the Hive network and maintained a presence on their servers for seven months.
Note
- The FBI claims to have hacked the hackers legally, obtaining access to their network to deliver decryption keys to victims, saving about $130M in ransomware payments. Don’t attempt that sort of action yourself: you don’t want to run afoul of what is and is not legal. This doesn’t mean you can’t reach out to law enforcement and contribute to the take-down, when invited; it means don’t go rogue (no matter how upset you are and how weak the target looks.)
- An interesting figure contained in the report is the savings of approximately $130 million in ransom. This lines up nicely with earlier reporting on the reduction in ransomware payouts in 2022. One can infer two things from the article: 1) that actual malware attacks continue to be highly successful; and, 2) while government was successful in disrupting the Hive gang, other cybercriminal gangs will use this announcement to change up their vetting procedures. In the end, more work needs to be done to make enterprises more resilient against ransomware attack.
Read more in