The FBI infiltrated and disrupted a major cybercriminal group that extorted schools, hospitals and critical infrastructure around the world, federal officials said Thursday.
The group, Hive, is one of the most prolific hacker gangs in the world, having received about $100 million in extortion payments, according to a November warning from the FBI, the Department of Health and Human Services, and the Cybersecurity and Infrastructure Security Agency. As of Thursday morning, its website on the dark web showed a message saying it had been seized by an international law enforcement coalition, including the FBI and Justice Department.
The FBI said it gained access to Hive’s computer networks in July 2022, acquiring decryption keys for more than 1,300 current and past victims, which helped prevent more than $130 million in demanded ransom money. Ransomware hackers extort victims by breaking into an organization’s network and then either encrypting its files, rendering its computers unusable, or stealing those files and threatening to leak them. Previous ransomware attacks have resulted in the release of sensitive information about law enforcement officers and schoolchildren.
Those figures underscore just how large the ransomware crime ecosystem has grown. Jen Ellis, a co-chair of the Ransomware Task Force, a cybersecurity industry partnership to address ransomware, said the takedown on Thursday was a major step, but likely wouldn’t stop Hive entirely.
The FBI did not announce any arrests, but is still investigating the group. FBI Director Christopher Wray and Attorney General Merrick Garland announced the action in a news conference.
The takedown is a rare victory against a ransomware gang. Such groups often act with near-impunity in attacking targets in the U.S. and around the world.
“In the grand scheme of things, it probably won’t put Hive out of business, but it’s about attrition and cost,” Ellis said.
Ransomware gangs are often decentralized, with affiliate members who can be scattered around the world. But as is often the case with such groups, Hive’s core group spoke Russian, said Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future.
Russia does not extradite its citizens, and the White House has struggled to convince the Kremlin to take action against its international cybercriminals.
In a news conference following the announcement, Garland declined to comment about the Kremlin’s relationship with Hive.
The U.S. State Department’s Rewards for Justice program, which offers bounties on information related to high-profile terrorists and cybercriminals, announced Thursday that it would pay up to $10 million for information linking Hive hackers to a foreign government.
The Treasury Department has estimated that in 2021, the most recent year for which it has public data, ransomware attacks cost U.S. organizations $886 million.
Michael Daniel, the president of the Cyber Threat Alliance, an industry group that acts as a clearinghouse of threat information between cybersecurity companies, said he expected the FBI’s takedown to slow the global ransomware threat.
“I would say the impact will be noticeable for a period of time,” Daniel said.
But law enforcement needs to be consistently aggressive against such hackers to make a significant impact, he said.
“What I think we need to see is these kinds of takedowns happening very frequently,” Daniel said.