WASHINGTON – Federal investigators have dismantled the computer networks of a cybercriminal organization that had demanded hundreds of millions of dollars in ransoms from schools, hospitals and other critical infrastructure, the Justice Department said Thursday.
In July, the FBI and its counterparts in Germany, the Netherlands and Europol, the European Union's law enforcement agency, gained covert access to the servers and websites of the Hive organization, which had been one of the most active ransomware groups over the past year. Over the next several months, agents stayed hidden inside the network, identified the group's targets and repeatedly thwarted Hive's attempts to extort more than 300 victims, sparing them roughly $130 million in ransom payments.
The effort was a "21st-century cyber stakeout," Lisa O. Monaco, the deputy attorney general, said during a news conference Thursday. "Put simply, we hacked the hackers by lawful means."
The Hive operation is part of a larger effort by the department to combat ransomware, a global threat that has grown in recent years and one the Biden administration has classified as a national security priority.
On Wednesday night, officials seized two back-end servers used by Hive, located in Los Angeles, and took down the group's dark web sites, which ran on a network that lets users conceal their identities, Attorney General Merrick B. Garland said at the news conference. The department did not announce any arrests, but officials said the investigation was continuing.
“Cybercrime is an ever-evolving threat,” said Mr. Garland. “But as I said before, the Justice Department will spare no resources to identify and bring to justice anyone targeting a ransomware attack in the United States.”
Since July 2021, Hive affiliates have run what is known as a double extortion scheme: the hackers first steal and then encrypt a victim's data, threaten to publish it online, and demand a ransom payment, often in the millions of dollars, in exchange for restoring access and a promise not to release the stolen information.
Through these attacks, the group extorted more than $100 million in payments and targeted more than 1,500 schools, hospitals, businesses and other institutions that officials classify as critical infrastructure. The victims include health care groups and school districts across the United States, as well as large companies in Europe and Costa Rica's public health system.
In an August 2021 attack on a Midwest hospital during the coronavirus pandemic, Hive prevented the hospital from admitting new patients and from accessing its electronic patient records, forcing staff to rely on paper copies. The hospital was able to restore its data only after paying a ransom.
According to Christopher A. Wray, the FBI director, who urged other ransomware victims to come forward, only about 20 percent of Hive's victims reported the attacks to law enforcement.