US Dismantles Massive Hive Ransomware Attack Network – AFP/File

US and German authorities announced on Thursday (26) the takedown of one of the world’s major ransomware networks, known as Hive, which is accused of extorting money from more than 1,500 victims in 80 countries.

U.S. Attorney General Merrick Garland said Hive’s servers were hijacked and authorities took control of its website on the “dark web,” a part of the Internet that regular browsers can’t access.

“Yesterday, the Department of Justice dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” Garland said at a press conference in Washington.

The operation was carried out in coordination with the police in Germany and the Netherlands, as well as the European Union Agency for Police Cooperation, Europol, added FBI Director Christopher Wray.

After infiltrating a computer system, ransomware hackers encrypt company data and demand payment to unlock it.

First spotted in June 2021, Hive is accused of collecting more than $100 million in ransom. If the victims refused to pay, the network threatened to release confidential internal files and documents.

Hive’s victims include Costa Rica’s public health service, India’s Tata Power, German retail giant Media Markt, Indonesia’s state gas company, and several U.S. hospital groups, according to cybersecurity firms.

On Thursday, Hive’s dark web site was frozen, with a screen that alternated between English and Russian saying it had been taken over by the FBI.

– “Hacking hackers” –

According to Wray, by June the FBI had successfully infiltrated Hive’s networks and obtained its encryption key, which it offered to victims around the world over the next few months, avoiding a $130 million payout.

Thanks to this, a Texas school district, a Louisiana hospital and an unnamed food services company, for example, did not pay millions of dollars in ransom after Hive attacks, US officials said.

The FBI also distributed copies of this key to previous Hive victims so that they could fully recover their data.

“Unfortunately, in those seven months, we found that only 20% of Hive victims went to the police,” said the head of the FBI, who asked all companies and organizations to contact FBI agents as soon as possible in the event of an attack.

The prosecutor’s office in Stuttgart, Germany, said in a statement that the operation, dubbed “Dawn”, was the result of an investigation that its services launched after attacks on companies in the region.

These companies, however, “did not succumb to blackmail and informed the authorities,” it stressed.

“Once again, intensive cooperation and mutual trust across borders and continents has been demonstrated to be the key to effectively combating major cybercrime,” said Udo Vogel, police chief in Reutlingen, southwest Germany, quoted in the report.

“We hack hackers,” US Department of Justice number two Lisa Monaco noted.

“For several months, we helped the victims fight off the attackers and deprive the network of criminal profits,” she added.

US authorities have not said who is behind Hive or if there will be any arrests after the operation, indicating that the investigation is ongoing.