FBI Takes Down Ransomware Gang’s Website
In other cybersecurity news …
The FBI on Thursday confirmed it had been able to access the computer network of the Hive ransomware group since July 2022.
During that time, the agency was able to capture and provide decryption keys to 336 victims of the group, preventing more than $130 million in ransom payments. Additionally, it stopped a ransomware attack on a Louisiana hospital and one targeting a school in Texas, saving both victims from paying a ransom.
The Hive group’s dark web leak sites have been taken down. The group has targeted more than 1,500 victims in over 80 countries around the world, including hospitals, school districts, financial firms and critical infrastructure.
Tim Morris is Tanium’s chief security advisor for the Americas. He said this is a “huge development.”
“In cybersecurity, there is a tendency to be on one’s heels from a defensive posturing standpoint,” he said. “Concentrated offensive actions such as this expansive takedown not only disrupt the criminal crew’s immediate activities, but also compromise their overall operation by obtaining the encryption keys to stolen data. This could lead to the recovery of data previously thought lost or inaccessible, which is a significant victory for authorities. While it’s unlikely to make all victims whole, even a partial recovery of data is promising. Obtaining the keys is one of the biggest wins in this case by far.”
Kurt Baumgartner is principal researcher at Kaspersky.
“This coordinated effort is what we need to see more of from law enforcement around the world,” he said. “Some of this effort in letting the activity progress may seem somewhat controversial, but generating decryption keys for victims over time helps to exhaust the group’s resources. Yes, in all likelihood, another gang is going to fill the void. It takes time and effort, but the incentives are in the hundreds of millions of dollars.”
Law enforcement put on display some impressive capabilities in infiltrating, seizing and disrupting some of the gang’s resources, Baumgartner said.
“The actors behind this group have shown a reckless disregard for human life in their efforts to victimize schools and hospitals,” he said. “We urge people to never pay any ransom if they are attacked and to check nomoreransom.org to see if there is an available encryption key to unlock their data.”