NewsPoliticsTop StoryUS

US ‘hacked the hackers’, Ransomware gang fell down

The FBI revealed on Thursday it had secretly hacked and disrupted a prolific ransomware gang called Hive, a maneuver that allowed the bureau to thwart the group from collecting more than $130 million in ransomware demands from more than 300 victims. At a news conference, U.S. Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy U.S. Attorney General Lisa Monaco said government hackers broke into Hive’s network and put the gang under surveillance, surreptitiously stealing the digital keys the group used to unlock victim organizations’ data. The Associated Press has the story:

US ‘hacked the hackers’, Ransomware gang fell down

Newslooks- WASHINGTON (AP)

The FBI has at least temporarily dismantled the network of a prolific ransomware gang it infiltrated last year, saving victims including hospitals and school districts a potential $130 million in ransom payments, Attorney General Merrick Garland and other U.S. officials announced Thursday.

“Simply put, using lawful means we hacked the hackers,” Deputy Attorney General Lisa Monaco said at a news conference.

Officials said the targeted syndicate, known as Hive, operates one of the world’s top five ransomware networks. The FBI quietly gained access to its control panel in July and was able to obtain software keys to decrypt the network of some 1,300 victims globally, said FBI Director Christopher Wray. Officials credited German police and other international partners.

Federal Bureau of Investigation (FBI) Director Christopher Wray speaks during a news conference to announce an international ransomware enforcement action, at the Department of Justice in Washington, Thursday, Jan. 26, 2023. The FBI has seized the website of a prolific ransomware gang that has heavily targeted hospitals and other healthcare providers. (AP Photo/Jose Luis Magana)

It was not immediately clear how the takedown will affect Hive’s long-term operations, however. Officials did not announce any arrests but said they were building a map of Hive’s administrators, who manage the software, and affiliates, who infect targets and negotiate with victims, to pursue prosecutions.

“I think anyone involved with Hive should be concerned because this investigation is ongoing,” Wray said.

On Wednesday night, FBI agents seized computer infrastructure in Los Angeles that was used to support the network. Hive’s dark web site was also seized.

“Cybercrime is a constantly evolving threat, but as I have said before, the Justice Department will spare no resource to bring to justice anyone anywhere that targets the United States with a ransomware attack,” Wray said.

Attorney General Merrick Garland speaks during a news conference to announce an international ransomware enforcement action, at the Department of Justice in Washington, Thursday, Jan. 26, 2023. The FBI has seized the website of a prolific ransomware gang that has heavily targeted hospitals and other healthcare providers. (AP Photo/Jose Luis Magana)

Garland said that thanks to the infiltration, led by the FBI’s Tampa office, agents were able in one instance to disrupt a Hive attack against a Texas school district, stopping it from making a $5 million payment.

The operation is a big win for the Justice Department. The ransomware scourge is the world’s biggest cybercrime headache with everything from Britain’s postal service and Ireland’s national health service to Costa Rica’s government crippled by Russian-speaking syndicates that enjoy Kremlin protection. The criminals lock up, or encrypt, victims’ computer networks, steal sensitive data and demand large sums.

As an example of Hive’s threat, Garland said it had prevented a hospital in the Midwest in 2021 from accepting new patients at the height of the COVID-19 epidemic.

Federal Bureau of Investigation (FBI) Director Christopher Wray flanked by Attorney General Merrick Garland speaks during a news conference to announce an international ransomware enforcement action, at the Department of Justice in Washington, Thursday, Jan. 26, 2023. The FBI has seized the website of a prolific ransomware gang that has heavily targeted hospitals and other healthcare providers. (AP Photo/Jose Luis Magana)

A U.S. government advisory last year said Hive ransomware actors victimized over 1,300 companies worldwide from June 2021 through November 2022, receiving approximately $100 million in ransom payments. It said criminals using Hive ransomware targeted a wide range of businesses and critical infrastructure, including government, manufacturing and especially health care and public health facilities.

The threat captured the attention of the highest levels of the Biden administration two years ago after a series of high-profile attacks that threatened critical infrastructure and global industry. In May 2021, for instance, hackers targeted the nation’s largest fuel pipeline, causing the operators to briefly shut it down and make a multimillion-dollar ransom payment that the U.S. government largely recovered.

Federal officials have used a variety of tools to try to combat the problem, but conventional law enforcement measures such as arrests and prosecutions have done little to frustrate the criminals.

The FBI has obtained access to decryption keys before. It did so in the case of a major 2021 ransomware attack on Kaseya, a company whose software runs hundreds of websites. It took some heat, however, for waiting several weeks to help victims unlock afflicted networks.

Read more U.S. news

Previous Article
US expands sanctions on Russia’s Wagner Group
Next Article
Average long-term mortgage rate the lowest in 4 mos.

How useful was this article?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this article.

Latest News

Menu