(Editor's note: This story has been updated with new comment.)
The FBI and Justice Department today announced a victory against the cybercriminal group Hive, confirmed by the hackers themselves via a message posted by the group on the dark web.
Ransomware attacks, in which cybercriminals seize or block access to data and demand payment before restoring it to the victim, are the top cyberthreat faced by organizations. Hive has in the past received millions of dollars from ransomware victims.
According to the announcement this morning from the FBI and Justice Department, the FBI infiltrated Hive's computer networks in July 2022, obtained over 1,300 decryption keys used in past and ongoing ransomware attacks and distributed them back to victims. The FBI also warned potential victims that they were being targeted by Hive and prevented extortion demands that might have reached up to $130 million in payments.
No arrests were announced and the U.S. government doesn't believe the takedown will permanently cripple the ransomware group.
According to BleepingComputer, the Hive dark web post gives credit for the seizure not only to the FBI and Justice Department but also to the U.S. Secret Service, Europol and Germany's Federal Criminal Police Office and Baden-Württemberg Police agencies.
The British, Canadian, Dutch, French, Lithuanian, Norwegian, Portuguese, Romanian, Spanish and Swedish flags also appear on the dark web post, which alternates between English and Russian text. And according to comments given to NBC by Allan Liska, ransomware analyst at cybersecurity company Recorded Future, the core group of Hive's cybercriminals spoke Russian.
We can safely not expect the Kremlin to cooperate with Western law enforcement on this issue, ever.
"Today's disruption of the Russian Hive ransomware infrastructure underscores the historic international cooperation between law enforcement agencies. The International Ransomware taskforce is having an impact," Tom Kellermann, CISM, senior vice president of cyberstrategy at Contrast Security, tells IndustryWeek.
"The real challenge lies in the protection racket that exists between the cybercrime cartels and the Russian regime, which endows them with untouchable status from western law enforcement. We must recognize that the majority of the proceeds from ransomware allow for Russia to offset economic sanctions," Kellermann adds.
"What the Cybersecurity and Infrastructure Security Agency (CISA), DOJ and the FBI are doing to disrupt ransomware is having a real impact. The ransomware gangs are finding it increasingly hard to make a living extorting companies. Extortion payments are down big time. More victims aren't paying. And it's becoming increasingly harder for the bad guys to make the same level of revenue they made in the past," says Roger Grimes, data-driven defense evangelist at KnowBe4.
"Because this is a RaaS (Ransomware-as-a-Service) structured group, many of the affiliates who actually carried out the attacks and were responsible for gaining initial network access of their victims are not likely to be swept up in this law enforcement action.[...] Unfortunately, there will be plenty of groups that are still operating that will be happy to welcome the affiliates associated with this group into their own teams, meaning this is not the end of ransomware by any means," says Erich Kron, security awareness advocate at KnowBe4.
"It is absolutely a step in the right direction and as more of these groups, especially high visibility ones like Hive, are dismantled by law enforcement, assets seized, and hopefully arrests made, we can certainly hope that this will make participating in cybercrime groups like this less appealing to potential cyber criminals," Kron adds.