Sunday, March 26, 2023
Courthouse News Service

Feds tout implosion of major ransomware network

Eradication of the Hive ransomware group comes about two weeks after its last attack.

WASHINGTON (CN) — Attorney General Merrick Garland announced Thursday that the Department of Justice and foreign authorities seized a ransomware network known as Hive.

Speaking to the press at department headquarters in Washington, Garland said the FBI worked with international partners to infiltrate the ransomware network last July and eventually tracked its computer servers to California.

“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” Garland said.

Having secured clandestine access to Hive’s control panel over the summer, Garland continued, officials within the FBI Tampa Field Office have since offered keys to decrypt infected networks to more than 1,300 victims worldwide, preventing at least $130 million in ransom payments.

In one instance, a ransomware attack prevented a U.S. hospital from accepting any new patients “at a time when COVID-19 was surging in communities around the world,” Garland said, adding that the hospital had to use paper copies of patient information and was only able to recover data after it paid a ransom.

Hospitals, school districts, financial firms and critical infrastructure were among the more than 1,500 victims targeted by Hive worldwide.

The group’s most recent victim, Garland noted, was attacked about 15 days ago in the Central District of Florida.

U.S. officials say this image shows up on the ransomware site Hive, which was seized by the U.S. Department of Justice and foreign authorities. It was used during a press conference at the department headquarters in Washington on Thursday, Jan. 26, 2023. (Via Emily Zantow/Courthouse News)

FBI Director Christopher Wray said during the press conference that technical indicators led officials to Hive’s decryption keys, which they “turned around and provided to those in need.”

“We are engaged in what we call joint sequenced operations,” Wray said, “that includes everything from going after their infrastructure, going after their crypto, going after people who work with them here, getting the keys and making those available.”

He continued: “But it also includes hunting people down with our partners around the world, and sometimes those people may face a U.S. criminal justice system that sometimes meditates charges with all of our many partners who are increasingly branching out.”

“We’ve been able to exploit that access to help victims,” Wray said, “while keeping Hive in the dark.”

Over the past seven months, Wray said officials were able to prevent ransomware attacks against a university and a local medical specialty clinic, as well as victims overseas including a foreign hospital.

No arrests have been made but the FBI director warned that anyone involved with Hive “should be very concerned because this investigation is still very much ongoing.”

Last April, Department of Justice officials announced the seizure of one of the world’s largest hacker forums, RaidForums, and the arrest of the site’s founder and chief administrator, Diego Santos Coelho, of Portugal.

In November 2021, Garland announced the arrest of seven hacking suspects as part of a global law enforcement effort called Operation GoldDust.

The attorney general was joined Thursday by Deputy Attorney General Lisa O. Monaco, Assistant Attorney General Kenneth A. Polite, Jr. and U.S. Attorney Roger Handberg for the Middle District of Florida.
