The FBI shut down the Hive ransomware group's servers and website last week after working inside the group since July. During that time, the FBI retrieved over 300 decryption keys and passed them on to current victims of Hive ransomware to unlock data and workstations. It also gave more than 1000 decryption keys to previous Hive ransomware victims. The keys enabled schools, hospitals, and businesses hacked by Hive ransomware to unlock their data without paying a ransom.
“We turned the tables on Hive and busted their business model, saving potential victims approximately $130 million in ransomware payments,” Deputy Attorney General Lisa Monaco said during a press conference last week.
Hive used a Ransomware-as-a-Service (RaaS) model in which hacker affiliates hacked schools and businesses and the group took a percentage of the ransom off the top. The group also had a website where it published stolen data if the victim refused to pay. Hive used multiple attack vectors to infiltrate networks, including email phishing, authentication token vulnerabilities, and VPN access protected only by single-factor authentication. Once inside the network, affiliates shut down security software, deleted logs, and encrypted sensitive data. The group used a double extortion model, encrypting data and locking workstations so they could not be used. According to the FBI, the Hive ransomware group was categorized as a top-five threat.
Through their investigation and discovery of decryption keys, the FBI noted that only about 20% of victims had reported their attack to the FBI. Ransomware groups typically threaten further harm if law enforcement is contacted after an attack. However, the investigation and infiltration were only successful because of victims who reported incidents and worked with law enforcement authorities worldwide.