The FBI infiltrated and disrupted a major cybercriminal group that extorted schools, hospitals and critical infrastructure around the world, federal officials said Thursday.
The group, Hive, is one of the most prolific hacker gangs in the world, having received about $100 million in extortion payments, according to a November warning from the FBI, the Department of Health and Human Services, and the Cybersecurity and Infrastructure Security Agency. As of Thursday morning, its website on the dark web showed a message saying it had been seized by an international law enforcement coalition, including the FBI and Justice Department.
The FBI said it gained access to Hive's computer networks in July 2022, acquiring decryption keys to more than 1,300 current and past victims, which helped prevent more than $130 million in demanded ransom money. Ransomware hackers extort victims by hacking into an organization, then either encrypting their files, rendering computers unusable, or stealing and threatening to leak those files. Previous ransomware attacks have resulted in the release of sensitive information about law enforcement officers and schoolchildren.
Those figures underscore just how large the ransomware crime ecosystem has grown. Jen Ellis, a co-chair of the Ransomware Task Force, a cybersecurity industry partnership to address ransomware, said the takedown on Thursday was a major step, but likely wouldn't stop Hive entirely.
The FBI did not announce any arrests, but is still investigating the group. FBI Director Christopher Wray and Attorney General Merrick Garland announced the action in a news conference.
The takedown is a rare victory against a ransomware gang. Such groups often act with near-impunity in attacking targets in the U.S. and around the world.
"In the grand scheme of things, it probably won't put Hive out of business, but it's about attrition and cost," Ellis said.
Ransomware gangs are often decentralized, with affiliate members who can be scattered around the world. But as is often the case with such groups, Hive's core group spoke Russian, said Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future.
Russia does not extradite its citizens, and the White House has struggled to convince the Kremlin to take action against its international cybercriminals.
In a news conference following the announcement, Garland declined to comment about the Kremlin's relationship with Hive.
The U.S. State Department's Rewards for Justice program, which offers bounties on information related to high-profile terrorists and cybercriminals, announced Thursday that it would pay up to $10 million for information linking Hive hackers to a foreign government.
The Treasury Department has estimated that in 2021, the most recent year for which it has public data, ransomware attacks cost U.S. organizations $886 million.
Michael Daniel, the president of the Cyber Threat Alliance, an industry group that acts as a clearinghouse of threat information between cybersecurity companies, said he expected the FBI's takedown to slow the global ransomware threat.
"I would say the impact will be noticeable for a period of time," Daniel said.
But law enforcement needs to be consistently aggressive against such hackers to make a significant impact, he said.
"What I think we need to see is these kinds of takedowns happening very frequently," Daniel said.