US seizes assets of ransomware group Hive

US authorities have seized the assets of the ransomware group Hive, which has extorted over $100 million in payments from thousands of victims, after law enforcement infiltrated its systems and seized the decryption keys for its attack software.
An international law enforcement coalition including the FBI and the justice department seized the website of the group, which was considered among the most dangerous and prolific hacker groups that targeted hospitals and public infrastructure.

“In a 21st-century cyber stakeout, our investigative team turned the tables on Hive. Using lawful means, we hacked the hackers,” Lisa Monaco, the US deputy attorney general, said.

“In 2022, Hive was the most prolific family that we directly observed in incident response engagements, accounting for over 15 percent of the ransomware intrusions that we responded to. Their victims have spanned a wide range of countries, but the most significant impact has been in the US, with 50 percent of all its public victims being based here,” Kimberly Goody, Senior Manager, Mandiant Intelligence, Google Cloud, said.

The hackers behind Hive used a ransomware-as-a-service model, selling their ransomware code to affiliates who carried out the actual attacks, which made it harder for authorities to identify and investigate them, according to media reports.

Senior justice department officials said FBI agents accessed Hive’s network last year to provide victims with decryption keys so they could regain control of their systems, blocking about $130 million in ransom demands.

The Hive ransomware attack in the summer of 2021 prevented a hospital in the US midwest from accepting new patients and forced it to run all its operations on paper.

“The disruption of the Hive service won’t cause a serious drop in overall ransomware activity but it is a blow to a dangerous group that has endangered lives by attacking the healthcare system,” said John Hultquist, Head of Mandiant Threat Intelligence, Google Cloud.

Ransomware attacks cost US organizations $886 million in 2021, the most recent year for which statistics are available, according to the US Treasury Department.