The United States busted a major cybercrime gang and, over six months, covertly put an end to its ransomware attacks.
Attorney General Merrick Garland, Deputy Attorney General Lisa Monaco of the United States Department of Justice (DoJ), and FBI Director Christopher Wray announced the operation at a news conference.
The DoJ disclosed that the Federal Bureau of Investigation (FBI) had penetrated deep inside the ransomware group Hive in late July 2022.
It also divulged that officials had monitored the gang and secretly obtained all the digital keys it used to lock up victim organizations’ data.
Officials warned victims of forthcoming attacks, giving them time to secure their networks before Hive members could demand payment.
The officials also provided earlier victims with more than 300 decryption keys, saving them more than $130 million.
After gaining access to Hive’s website, the US officials posted a message on it, reading, “The Federal Bureau of Investigation seized this site as part of coordinated law enforcement action taken against Hive Ransomware.”
The DoJ also said that officials had pulled down all of the Hive group’s websites and communication networks. The department worked jointly with Germany’s Federal Criminal Police and the Netherlands’ National High Tech Crime Unit.
Regarding the matter, US Attorney General Merrick Garland said, “Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world.”
Deputy Attorney General Lisa O. Monaco said, “Simply put, using lawful means, we hacked the hackers.”
Ransomware gangs use malicious software to encrypt victims’ files, rendering them inaccessible unless a ransom is paid for the decryption key.
Hive’s hacking activities
According to US estimates, Hive and its associates collected more than $100m from over 1,500 victims, including school districts, hospitals, critical infrastructure operators, and financial companies, spread across more than 80 countries. One hospital was hit so badly that it could not admit new patients.
Hive was one of the most active and prominent of a wide range of cybercriminal groups. It extorted money from large organizations, including international businesses, by encrypting their data and demanding ransom in cryptocurrency. It also operated as a ransomware-as-a-service (RaaS) organization, meaning it shared a portion of the profits from its attacks with affiliates in exchange for their services.
When it comes to cybercrime, Russia is most often accused of harbouring such criminal groups.
US crackdown on cyber gangs
The DoJ said it was determined to bring everyone behind the Hive group to justice. John Hultquist, head of Mandiant Threat Intelligence, said, “A good covert operation can degrade confidence in operational security and inject suspicion among actors. Until the group is arrested, they will never truly be gone. They will have to reconstitute, which takes time, but I’ll bet they reappear in time.”
In November 2021, US authorities succeeded in arresting alleged members of the REvil group. In an operation called “claw back” against the same group, the authorities recovered over $6m in cryptocurrency.
Earlier that year, in June, the US took the DarkSide gang offline and retrieved $4.1m in stolen funds.
In January of the same year, the darknet websites of the NetWalker ransomware gang were also taken down and a key affiliate was arrested in Canada.
Although all these groups were cracked down upon, they are said to re-form as other groups.
Research shows that ransomware crews saw a 40% decline in earnings in 2022 as victims refused to pay the ransom.
“We expect initiatives like this to only grow stronger between allied cyber-powers, to ensure that governments, organizations, and citizens will be better protected,” Nominet government cyber-services expert Kim Wiles said.