HIVE ransomware network taken down by the FBI
The international ransomware network Hive was responsible for over 1,500 Internet attacks, 70 of them in Germany. Now the network has been taken down by US investigators with the support of German officials. How did they do it and who is behind Hive?
Hive was one of the five largest and most influential hacker networks worldwide, as reported by West German Broadcasting (WDR). The cyber attacks were primarily aimed at hospitals, financial companies and operators of critical infrastructure such as oil companies. Overall, companies in over 80 countries were affected by attacks by Hive.
The FBI was able to infiltrate and dismantle Hive with the support of law enforcement agencies from 13 countries. Lisa Monaco, the US Deputy Attorney General, said according to The Verge: "Simply put, using lawful means, we hacked the hackers."
According to The Verge, "The FBI claims that by covertly hacking into Hive servers, it was able to quietly snatch up over 300 decryption keys and pass them back to victims whose data was locked up by the group."
The Verge also reported that in a statement to the press, US Attorney General Merrick Garland explained how the FBI was able to use decryption keys to unlock several systems being held for ransom: a Texas school district that was being asked for $5 million, a hospital in Louisiana facing a $3 million ransom, and a food services company facing $10 million in ransom.
This text now appears on one of the websites on the Darknet: "The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action". The logos of the US Department of Justice, the cybercrime department of the Federal Criminal Police Office and the police headquarters in Reutlingen in Baden-Württemberg, Germany can also be seen.
So far, no further details about the people behind Hive have been announced. FBI Director Christopher Wray said the investigation was ongoing and that people involved with Hive should worry.
Teenagers sitting in the basement, eating pizza, drinking coke and trying their hand at hacking? According to the German cyber expert Wolfgang Straßer, these are no longer the modern-day hackers, as reported by WDR. Today, hacker gangs are "absolute top professionals" in the field of "organized crime," according to Straßer.
For the most part, the hackers do not themselves carry out the attacks and ransom demands against companies and organizations; instead, they write the attack programs and resell them. According to Straßer, there is a division of labor.
One group of hackers is responsible for the attacks and for finding gaps in systems. This group uses automation to send attack programs to various systems of companies and other organizations. The programs reveal the gaps in those systems to the hackers.
At this stage, profit is already generated within the hacker network, because this first group sells the information about weak points in the systems to a second group. This second group writes programs specifically for the respective system gaps in order to paralyze the systems.
The entire package of system vulnerabilities and attack programs is then sold to criminals. According to WDR, they then use the program to launch targeted attacks. This group of criminals makes money from ransom demands.
The malicious programs are called ransomware, also known as blackmail software. The programs can block computers or encrypt data. Those affected by the attack only have their data decrypted after the ransom has been paid to the attackers. This is a digital form of hostage-taking. According to the Tagesschau, the ransom payments are mostly made in the digital currency Bitcoin.
Merrick Garland, US Attorney General, stated according to WDR that by breaking up Hive the victims could be saved from ransom payments of around 130 million dollars. According to the Tagesschau, the network had already stolen over 100 million dollars in ransom.
According to the Frankfurter Allgemeine Zeitung (FAZ), Garland stated that the investigators had been active in the Hive networks for some time and had given the victims of cyber attacks the passwords to unlock their data.
The exact number of cyber attacks worldwide cannot be precisely quantified, as the number of unreported cases is high. According to WDR, experts believe that companies do not contact the police because they fear damage to their own image. In the case of Hive, only about 20% of the victims contacted authorities, according to the FBI.
In August 2021, Hive attacked the Memorial Health System in the United States, as reported by Spiegel. As a result, the three associated hospitals had to postpone urgent operations.