FBI removes Hive ransomware group


Working with international law enforcement, the FBI said it has seized control of the servers the Hive group uses to communicate with its members. Image: iStockphoto/domoyega

The FBI has revealed the results of a months-long campaign designed to disrupt an infamous ransomware group known for extorting hospitals, school districts and critical infrastructure. On Thursday, the agency announced that it had worked with law enforcement in Germany and the Netherlands to take control of the servers used by the Hive criminal gang to communicate with its members, thereby cutting off its ability to extort its victims.

The group’s dark web site now displays a message in both English and Russian stating: “This hidden site has been seized. The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware.”

SEE: Ransomware attacks are decreasing, but companies remain vulnerable (TechRepublic)

Another message indicates that this action was taken by the United States Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice, with substantial assistance from Europol.


Takedown of Hive’s site is the latest step

The takedown of the Hive site is just the latest in a series of actions aimed at disrupting the group’s capabilities. The FBI said that since late July 2022, it has infiltrated the gang’s computer networks, captured its decryption keys and provided those keys to victims worldwide.

Providing the decryption keys to Hive victims has been a critical step, as it has saved them from collectively paying ransoms totaling $130 million. Since the FBI’s campaign began, more than 300 decryption keys have been provided to Hive victims under attack, while more than 1,000 were provided to victims of the gang’s previous attacks.


“Cybercriminals utilize sophisticated technologies to prey upon innocent victims worldwide,” said U.S. Attorney Roger Handberg for the Middle District of Florida. “Thanks to the extraordinary investigative work and coordination by our domestic and international law enforcement partners, further extortion by Hive has been thwarted, critical business operations can resume without disruption, and millions of dollars in ransom payments were averted.”

History of Hive

Appearing in 2021, Hive launched a series of attacks that quickly made it one of the most active and prominent ransomware groups. Using the ransomware-as-a-service (RaaS) model, Hive develops the required ransomware tools and technologies and then recruits affiliates to carry out the actual attacks. After a ransom is received, Hive affiliates and administrators split the money 80/20, according to the FBI.

Using the RaaS model, Hive has targeted a range of sectors, including healthcare facilities, school districts, financial firms and critical infrastructure. Since June 2021, the group has targeted more than 1,500 victims worldwide and collected more than $100 million in ransom payments.

Tactics of Hive

Hive is known for double extortion tactics, in which the attackers not only encrypt the data to prevent victims from accessing it but also threaten to publicly leak the data unless the ransom is paid. The group has already published data stolen from victims on its leak site.

Hive affiliates gain access to the networks of intended victims through different methods, according to the U.S. Cybersecurity and Infrastructure Security Agency. In some cases, the attackers get in through single-factor account logins using Remote Desktop Protocol, virtual private networks or other remote connection protocols.

In other cases, they exploit vulnerabilities in FortiToken authentication products. Another common tactic involves sending phishing emails with malicious file attachments.
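Because single-factor RDP and VPN logons are named above as a common way in, one practical defensive check is to review remote-access authentication logs for successful logons that completed no second factor, and to prioritize those from addresses outside the organization's own ranges. The script below is an added example, not code from the article, the FBI or CISA; the key=value log format, the field names (`svc`, `mfa`, `src`, `result`) and the trusted internal range are all assumptions, since real VPN concentrators and Windows logon events use their own formats.

```python
"""Flag single-factor remote-access logons in constructed log lines.

Added example. The log format is hypothetical; real products use their own
field names, so parse_line() would be replaced with a product-specific parser.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample log lines in a made-up key=value format (documentation
# address ranges 203.0.113.0/24 and 198.51.100.0/24 stand in for the internet).
SAMPLE_LOGS = """\
ts=2023-01-20T02:14:07Z svc=vpn user=jdoe src=203.0.113.45 result=success mfa=none
ts=2023-01-20T02:15:11Z svc=rdp user=svc-backup src=198.51.100.7 result=success mfa=none
ts=2023-01-20T08:03:52Z svc=vpn user=asmith src=203.0.113.90 result=success mfa=totp
ts=2023-01-20T09:17:33Z svc=rdp user=jdoe src=10.20.30.40 result=success mfa=none
ts=2023-01-20T09:18:01Z svc=vpn user=bjones src=203.0.113.12 result=failure mfa=none
"""

LINE_RE = re.compile(r"(\w+)=(\S+)")
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range
REMOTE_SERVICES = {"vpn", "rdp"}  # services the article names as entry points


@dataclass
class Finding:
    ts: str
    svc: str
    user: str
    src: str
    reason: str


def parse_line(line):
    """Turn one key=value line into a dict (hypothetical format)."""
    return dict(LINE_RE.findall(line))


def is_trusted(src):
    """True if the source address falls inside an assumed internal range."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable sources are treated as untrusted
    return any(addr in net for net in TRUSTED_NETS)


def find_single_factor_logons(log_text):
    """Return a Finding for every successful remote logon without a second factor.

    Failed logons and non-remote services are ignored; logons from outside the
    trusted ranges are marked as the higher-priority case.
    """
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev.get("svc") not in REMOTE_SERVICES:
            continue
        if ev.get("result") != "success":
            continue
        if ev.get("mfa", "none") != "none":
            continue  # a second factor was completed; not single-factor
        reason = "single-factor remote logon"
        if not is_trusted(ev.get("src", "")):
            reason += " from untrusted source"
        findings.append(Finding(ev["ts"], ev["svc"], ev["user"], ev["src"], reason))
    return findings


def summarize(findings):
    """Count findings per user so repeat single-factor accounts stand out."""
    counts = {}
    for f in findings:
        counts[f.user] = counts.get(f.user, 0) + 1
    return counts


if __name__ == "__main__":
    for f in find_single_factor_logons(SAMPLE_LOGS):
        print(f"{f.ts} {f.svc:<4} {f.user:<12} {f.src:<16} {f.reason}")
    print(summarize(find_single_factor_logons(SAMPLE_LOGS)))
```

On the constructed sample, the script reports three logons: two from documentation-range addresses with no second factor (the case the article describes) and one internal RDP logon that is single-factor but lower priority. Accounts that recur in the output, such as service accounts, are the ones to move behind MFA first.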

Challenges in taking down ransomware groups

Ransomware groups are difficult to completely eliminate because their members tend to resurface in other groups and capacities. But the efforts by the FBI and other law enforcement agencies are designed to hit them on multiple fronts.

“While this is certainly a win, this is by no means the end of ransomware,” said Jordan LaRose, practice director for infrastructure security at security consulting firm NCC Group. “We have already seen a reemergence from REvil, and Hive will likely follow suit in some form.

SEE: The most dangerous and destructive ransomware groups of 2022 (TechRepublic)

“But takedowns like these undoubtedly deter attackers and prospective payees and increase awareness of the long-term effects of paying attackers.”

Collaboration and cooperation among different law enforcement entities around the globe is critical to winning the battle against ransomware attackers, LaRose added. Also of great help is the ability of security experts to provide key threat intelligence to the FBI and other organizations.

Recommendations to combat ransomware

“For vulnerable organizations, this is why the primary focus must be getting their systems back up and running following an attack,” said Caroline Seymour, vice president of product marketing for disaster recovery firm Zerto. “When a provider is disabled and access to data is held in exchange for ransom, the best way to fight back and get up and running again is to have a recovery solution in place that protects systems from disruption and provides a path to instant recovery.”

However, many organizations rely on backups that are a day or even a week old to restore their data, Seymour added. That results in gaps and data loss that can affect the business and add to the overall cost of recovery.

“The key is having a solution that’s always on, with enough granularity to recover to a point in time precisely before the attack took place, without time gaps,” Seymour said. “The best solution will be one that uses continuous data protection and keeps critical data protected in real time.”

Read next: Following year-end ransomware storm, leaders batten hatches for sea of troubles in 2023 (TechRepublic)
