FBI Infiltrates Hive Network, Foils $130M in Ransom Demands

  • FBI infiltrates a ransomware gang to help 300 victims and thwarts extortion of over $130 million.
  • Hive Network targeted hospitals, schools, and banking in over 80 countries.
  • The FBI says the operation was coordinated with German and Dutch law enforcement.

On Thursday, the Federal Bureau of Investigation (FBI) issued a statement announcing that it had infiltrated and disrupted the Hive Network ransomware group. By intervening, the agency helped 300 victims avoid paying $130 million in ransom demands.

The statement read, “Since late July 2022, the FBI has penetrated Hive’s computer networks, captured its decryption keys and offered them to victims worldwide,” which is how the agency prevented $130M in ransom payments. By gaining access to Hive’s infrastructure, the FBI obtained 300 decryption keys for victims whose attacks were still in progress.

Additionally, the agency provided 1,000 further decryption keys to previous Hive victims. In coordination with German law enforcement and the Netherlands National High Tech Crime Unit, the agency seized control of the servers and websites Hive used to communicate with its members, disrupting Hive’s ability to attack and extort victims. This was seen as a major victory for the agency.

Christopher Wray, FBI Director, states:

The FBI will continue to leverage our intelligence and law enforcement tools, global presence, and partnerships to counter cybercriminals who target American businesses and organizations.

The Hive group used a ransomware-as-a-service (RaaS) model, in which administrators (developers) and affiliates worked together to extort money from victims. The developers built a ransomware strain with an easy-to-use interface for deployment against victims. Affiliates identified targets and carried out the attacks, with each successful ransom payment split 80/20 between the affiliate and the developers.

According to the statement, Hive employed a double-extortion model of attack. Before encrypting the victim system, the affiliate would exfiltrate or steal sensitive data. The affiliate then sought a ransom for both the decryption key necessary to decrypt the victim’s system and a promise to not publish the stolen data.

By the time it was taken down, Hive had targeted more than 1,500 victims in over 80 countries around the world, including hospitals, school districts, financial firms, and critical infrastructure.
