The American federal investigators were able to discreetly provide deciphering keys to victims of this very active cybercriminal group.
The American authorities announced, Thursday, January 26, an international operation, in partnership with Europol, Germany and the Netherlands, against Hive, one of the most active groups in the ransom sector. Like many other cybercriminal gangs, Hive works with computer hackers to attack companies’ computer networks, paralyze them by encrypting the files of the machines using malicious software, then asking for a ransom from his victims .
Federal investigators reached, in July 2022 , to infiltrate a part of the infrastructure used by Hive and its partners to carry out their operations. They were thus able to obtain, live, keys of deciphering kept secret and supposed to be entrusted to the victims only if they came to pay the ransom requested.
“The FBI provided more than 300 deciphering keys to victims of Hive who were undergoing an attack,” said the Department of Justice in a press release , adding that this action had made it possible to prevent the group to recover nearly $ 130 million in ransoms. The American authorities have cited the example of a foreign hospital which had discreetly given itself the key to deciphering even before the negotiations between the staff and the hive pirates begin.
of the victims warned to Time
This infiltration also allowed the federal authorities to prevent entities that were targeted by the group. During a press conference organized Thursday, FBI director Christopher Wray gave the example of an American university targeted by one or more pirates affiliated to Hive. While the suspects were in the initial phase of intrusion and had not yet deployed the malicious software, the investigators were able to alert the computer teams and “give them tactical information” so that they can eject the attackers of their network. Finally, 1,000 deciphering keys have also been provided to former victims of Hive by the authorities.
This infiltration mission ended, during the night of Wednesday 25 to Thursday, January 26, with the entry of several servers used by Hive and by the offline of the group’s sites on the Darknet.
According to estimates by the American authorities, the group A, since its appearance in June 2021, has made more than 1,500 victims worldwide and pocketed more than $ 100 million in ransom. In France, Hive is known to have attacked Altice and stole internal data from the group, and more recently for having conducted an attack on part of the Intersport chain network.