Hive ransomware leak site and decryption keys seized in police sting • Graham Cluley
Websites used by the Hive ransomware-as-a-service gang to extort ransoms and leak data stolen from corporate victims have been seized in a joint operation involving police around the world.
Law enforcement agencies including Europol, the US Department of Justice, FBI, Secret Service, and Germany’s BKA and Polizei teamed up to shut down the operations of the Hive gang, which is thought to have extorted ransoms from over 1300 companies around the world, amassing an estimated $100 million in the last 18 months.
Hive was a particularly notorious ransomware group because, unlike some of its rivals, it appeared to have no qualms about targeting healthcare institutions.
However, today, if you venture onto the dark web and visit Hive’s leak website, this is what you will see…
THIS HIDDEN SITE HAS BEEN SEIZED
The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware.
This action has been taken in coordination with the United States Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice with substantial assistance from Europol
Every few seconds, via the magic of an animated GIF, the message changes to one in Russian (presumably in an attempt to send a powerful message to other ransomware gangs).
A US Department of Justice press release has announced that the FBI penetrated Hive’s infrastructure in late July 2022, capturing decryption keys, and offering them to victims worldwide so they do not have to pay a ransom.
In all, the FBI says it has provided over 300 decryption keys to Hive victims since July 2022. In addition, over 1,000 decryption keys were made available to past Hive victims.
The FBI says it continues to investigate the Hive ransomware-as-a-service operation. Whether this eventually results in the identification and prosecution of those involved in blackmailing organisations remains to be seen…