Ransomware-as-a-Service Website Hive Is Taken Down by US Authorities

United States authorities have taken control of the dark web site called Hive, which criminals used to handle ransom payments from ransomware attacks against several organizations within the country.

According to a press release published today by the US Department of Justice, the Federal Bureau of Investigation (FBI) managed to penetrate Hive's back-end infrastructure, which allowed the agency to take possession of the decryption keys for the data the group stole.

Hive’s operations have affected more than 1,500 victims in over 80 countries including financial institutions and healthcare providers, the DOJ stated. Estimates point to more than $100 million being extracted from the victims of this cybercrime.

The FBI’s actions against the site started in July of last year and ended up with the seizure of various servers and websites that the criminal initiative used to communicate with its members, clients, and victims.

Ransomware is Turning Into a Big Threat and Authorities Have Taken Notice

Dismantling Hive required the coordinated efforts of security agencies in the Netherlands and Germany to fully disrupt the organization’s ability to keep extorting its victims. Some of the most prominent targets of Hive included India’s Tata Power, the Louisiana Hospital, and Empress EMS, a private emergency response company.

“In a 21st century cyber stakeout, our investigative team turned the tables on Hive, swiping their decryption keys, passing them to victims, and ultimately averting more than $130 million dollars in ransomware payments. We will continue to strike back against cybercrime using any means possible and place victims at the center of our efforts to mitigate the cyber threat,” commented Deputy Attorney General Lisa O. Monaco.

Meanwhile, FBI Director Christopher Wray commented: “The coordinated disruption of Hive’s computer networks, following months of decrypting victims around the world, shows what we can accomplish by combining a relentless search for useful technical information to share with victims with investigation aimed at developing operations that hit our adversaries hard.”

No arrests connected to this investigation have been made public, possibly as the proceedings are still ongoing.

The stats concerning ransomware in the United States are quite frightening. For example, the Cybersecurity and Infrastructure Security Agency of the United States, also known as CISA, indicated last year that 14 out of the 16 critical infrastructure sectors of the country have been targets of ransomware.

Meanwhile, data from Panda Security indicated that the average ransom demand during the first half of 2021 stood at $5.3 million – a 518% increase compared to the same period a year ago – while the average payout jumped by 82% to $570,000 during that first half.

What is Ransomware?

Ransomware is a type of cybercrime that involves the theft of critical data. Criminals first penetrate the systems of the targeted organization by using different techniques such as phishing, brute-forcing their way into their IT infrastructure, or infecting computers within the organization’s network.

In some cases, they could even opt to use social engineering techniques to get close enough to the organization’s personnel until they can get their hands on their access credentials.

Once they get into the system, the criminals lock everybody out and demand a ransom, threatening otherwise to delete and destroy all of the critical databases that the organization owns.

Ransomware-as-a-service (RaaS) has been a growing trend in the cybercrime space. This practice involves a commercial arrangement between cybercriminals and a third party who would like to perform a ransomware attack against an organization or individual.

Previous FBI operations that have dismantled RaaS providers indicated that the perpetrators charged a small fee for sending millions of infected e-mails to their targets. Clients typically provide the database containing the details of the prospective victims. In some cases, the two parties shared the earnings resulting from the attack.
