DOJ disrupts major ransomware group that extorted about $100M including from schools and hospitals

Kevin Collier and Ken Dilanian

The FBI infiltrated and disrupted a major cybercriminal group that extorted schools, hospitals and critical infrastructure around the world, federal officials said Thursday.

The group, Hive, is one of the most prolific hacker gangs in the world, having received about $100 million in extortion payments, according to a November warning from the FBI, the Department of Health and Human Services, and the Cybersecurity and Infrastructure Security Agency. As of Thursday morning, its website on the dark web showed a message saying it had been seized by an international law enforcement coalition, including the FBI and Justice Department.

The FBI said it gained access to Hive’s computer networks in July 2022, acquiring decryption keys to more than 1,300 current and past victims, which helped prevent more than $130 million in demanded ransom money. Ransomware hackers extort victims by hacking into an organization, then either encrypting their files, rendering computers unusable, or stealing and threatening to leak those files. Previous ransomware attacks have resulted in the release of sensitive information about law enforcement officers and schoolchildren.

Those figures underscore just how large the ransomware crime ecosystem has grown. Jen Ellis, a co-chair of the Ransomware Task Force, a cybersecurity industry partnership to address ransomware, said the takedown on Thursday was a major step, but likely wouldn’t stop Hive entirely.

The FBI did not announce any arrests, but is still investigating the group. FBI Director Christopher Wray and Attorney General Merrick Garland announced the action in a news conference.

The takedown is a rare victory against a ransomware gang. Such groups often act with near-impunity in attacking targets in the U.S. and around the world.

“In the grand scheme of things, it probably won’t put Hive out of business, but it’s about attrition and cost,” Ellis said.

Ransomware gangs are often decentralized, with affiliate members who can be scattered around the world. But as is often the case with such groups, Hive’s core group spoke Russian, said Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future.

Russia does not extradite its citizens, and the White House has struggled to convince the Kremlin to take action against its international cybercriminals.

In a news conference following the announcement, Garland declined to comment about the Kremlin’s relationship with Hive.

The U.S. State Department’s Rewards for Justice program, which offers bounties on information related to high-profile terrorists and cybercriminals, announced Thursday that it would pay up to $10 million for information linking Hive hackers to a foreign government.

The Treasury Department has estimated that in 2021, the most recent year for which it has public data, ransomware attacks cost U.S. organizations $886 million.

Michael Daniel, the president of the Cyber Threat Alliance, an industry group that acts as a clearinghouse of threat information between cybersecurity companies, said he expected the FBI’s takedown to slow the global ransomware threat.

“I would say the impact will be noticeable for a period of time,” Daniel said.

But law enforcement needs to be consistently aggressive against such hackers to make a significant impact, he said.

“What I think we need to see is these kinds of takedowns happening very frequently,” Daniel said.

This article was originally published on NBCNews.com
