Thursday, January 26, 2023

DoJ says it 'hacked the hackers' - Hive Ransomware nailed

The FBI revealed it had secretly hacked and disrupted a prolific ransomware gang called Hive, a maneuver that allowed the bureau to stop the group from collecting more than $130m in ransom payments from more than 300 victims. Government hackers broke into Hive's network and put the gang under surveillance, surreptitiously stealing the decryption keys the group used to unlock victim data. They were then able to alert victims in advance so they could take steps to protect their systems before Hive demanded the payments. Over the years, Hive has targeted more than 1,500 victims in 80 different countries and collected more than $100m in ransom. There were no arrests.
Hive was responsible for at least 11 incidents involving U.S. government organizations, schools, and healthcare providers last year, and it thrived on targeting hospitals. Hive was first observed in June 2021. During 2021, Hive made headlines when it attacked Europe's largest consumer electronics retailer, MediaMarkt.

The Hive leak site, dubbed "HiveLeaks", was hosted on the dark web and remained stable compared with other leak sites. Anyone with the Tor URL could access it, as it was not protected by any password. To further pressure their victims to pay, affiliates would publish details of the breach and the data stolen, and use a countdown to add urgency if payment was not made in time (double extortion). The Hive server's Application Programming Interface (API) was also seized by the authorities, indicating a complete takedown of the gang's infrastructure.