January 27, 2023

According to the Justice Department, the servers of the dreaded Hive ransomware group have been occupied by U.S. authorities after law enforcement highjacked its systems and gathered the keys to decrypt its attack software.

“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” U.S. Attorney General Merrick B. Garland said in a statement.

Hive usually targets a victim by stealing sensitive data (emails, documents, pictures, and videos) and then encrypting their computer files, according to the Justice Department. The group would then demand a Bitcoin ransom for the decryption key required to restore the files, as well as further funds in exchange for a promise not to publish the stolen data on the dark web. Hive would publish the stolen data if the victim did not pay.

The group’s website is regarded as one of the most dangerous and prolific hacker gangs that targeted hospitals and public infrastructure. Extortion payments totaling more than $100 million have been received from thousands of victims. The website now displays a message stating that it was seized by an international law enforcement coalition comprised of the department and the FBI.

The operation, which took control of Hive’s servers and websites, was coordinated with German and Dutch law enforcement, according to the agency.

The sources for this piece include articles in Axios and Reuters.