The FBI Spent Over Six Months Inside a Prominent Cyber-Crime Organisation
FBI agents broke into Hive's network in July 2022 and stayed covertly. By capturing the gang's decryption keys as they were issued, the bureau stopped Hive from collecting roughly $130 million in ransom it had demanded from the many organisations it targeted.
The FBI penetrated a prominent ransomware gang's network and spent six months inside it, in one of the Justice Department's most sophisticated cybercrime investigations, department officials disclosed Thursday. Agents seized Hive's server infrastructure and websites earlier this week.
What Exactly Happened:
Attorney General Merrick Garland called Hive "a transnational ransomware system responsible for extorting and trying to scam hundreds of millions of dollars from people in the United States and throughout the world" on Thursday.
The US believes Hive and its affiliates received over $100m (£81m) from over 1,500 victims, including hospitals, school districts, financial firms and critical infrastructure operators, in over 80 countries. One hospital had to stop accepting patients.
In November 2021, US officials announced arrests of REvil gang members abroad and recovered more than $6m in cryptocurrency in a "claw back" operation.
In June 2021, the US recovered about $2.3m of the ransom that Colonial Pipeline had paid to the DarkSide gang.
In January 2021, NetWalker's darknet domains were seized and a prominent affiliate was detained in Canada.
The FBI says its infiltration of Hive let it hand decryption keys to more than 300 victims under attack, sparing them about $130 million in ransom demands.
Hive, a Ransomware-as-a-Service provider, licenses its software to "affiliate" hackers, contract cybercriminals who attack targets and split the proceeds of successful extortions with the gang. Garland said Hive and its affiliates had hit a wide range of targets since the group emerged in June 2021, including US hospitals and medical centers during the COVID-19 pandemic.
According to the DOJ, Hive has targeted over 1,500 organisations in 80 countries and collected over $100 million in cryptocurrency ransom payments from its victims. Hive's geographical origins are unknown.
On Thursday, US Attorney General Merrick Garland, FBI Director Christopher Wray and Deputy Attorney General Lisa Monaco said that US government hackers broke into Hive's network by lawful means to monitor the gang. The authorities obtained the group's decryption keys and passed them to victim organisations to unlock their data.
Monaco told reporters, "We hacked the hackers legally." "We beat Hive," she added.
On Thursday, Reuters reported that Hive's website displayed the notice "The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action conducted against Hive Ransomware," revealing the takedown.
Udo Vogel, Baden-Wuerttemberg police commissioner, stated: "Intensive collaboration across national boundaries and continents, underpinned by mutual confidence, is the key to the fight against terrorism."
Hive was one of the most prominent cybercriminal gangs extorting corporations worldwide by encrypting their data and demanding large cryptocurrency payments.
In total, Hive extorted over $100 million from more than 1,500 victims in over 80 countries, according to the Justice Department.
Common Ransomware Families and Extortion Groups:
- Ryuk
- Maze
- REvil (Sodinokibi)
- LockBit
- DearCry
- Lapsus$ (an extortion group that mainly steals and leaks data rather than a ransomware family)
How To Stay Protected Against Ransomware:
Use Best Methods:
Preparation reduces the cost and damage of a ransomware incident. Ransomware risk can be reduced by adopting these recommended practices:
Education and Training:
Phishing emails are a primary delivery route for ransomware, so training staff to recognise them is essential. User education is one of an organisation's most important defences against cyberattacks, since many begin with a targeted email that carries no malware at all but instead entices the user to click a malicious link.
Data backups continuously:
Ransomware is software that demands payment to decrypt data. Automated, protected data backups let an organisation recover from such an attack without losing data or paying a ransom. Backups should be taken regularly, kept offline or otherwise out of the attacker's reach (ransomware operators routinely delete or encrypt any backups they can access), and restored periodically in a test to confirm they actually work.
Patching:
Ransomware attacks generally target unpatched systems: attackers study newly released patches to learn which flaws they fix and then scan for systems that have not applied them. Firms must therefore keep all systems up to date to reduce the number of vulnerabilities an attacker can exploit.
User Authentication:
Ransomware attackers routinely use guessed or stolen credentials to log in over RDP. Strong user authentication, including multi-factor authentication and not exposing RDP directly to the internet, blunts password guessing and credential theft, and failed RDP logons should be monitored so a guessing campaign is noticed before it succeeds.
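A detection rule for the RDP credential abuse described above, as an added example that is not from the article or from any vendor tool. It scans Windows Security log events, counts failed RemoteInteractive (RDP) logons per source address inside a sliding window, and flags a source that logs in successfully while such a burst is under way, which is what a guessed or stolen password looks like in the log. Event ID 4625 (failed logon), 4624 (successful logon) and Logon Type 10 (RemoteInteractive) are the real Windows values; the log lines in the block are constructed for this example and do not come from any real incident.

```python
"""Detect RDP password guessing in Windows Security log events.

Added example. Counts failed RDP logons per source in a sliding window and
flags a successful logon from a source whose burst is still active. The
sample events below are constructed, not taken from a real system.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, one event per line:
# <timestamp> <event id> <logon type> <account> <source address>
SAMPLE_EVENTS = """\
2023-01-20T03:00:01 4625 10 administrator 203.0.113.7
2023-01-20T03:00:03 4625 10 admin 203.0.113.7
2023-01-20T03:00:04 4625 10 backup 203.0.113.7
2023-01-20T03:00:06 4625 10 svc_sql 203.0.113.7
2023-01-20T03:00:07 4625 10 jsmith 203.0.113.7
2023-01-20T03:00:09 4624 10 jsmith 203.0.113.7
2023-01-20T03:05:00 4625 10 jsmith 198.51.100.4
2023-01-20T03:09:00 4624 10 jsmith 198.51.100.4
2023-01-20T03:10:00 4624 2 jsmith 127.0.0.1
"""

FAILED_LOGON = "4625"       # Windows Security: an account failed to log on
SUCCESSFUL_LOGON = "4624"   # Windows Security: an account was successfully logged on
RDP_LOGON_TYPE = "10"       # Logon Type 10 = RemoteInteractive (RDP)


def parse_events(text):
    """Parse the whitespace-separated sample format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, src = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "id": event_id,
            "type": logon_type,
            "account": account,
            "src": src,
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Return alerts in time order.

    ('burst', src, n)                  n failed RDP logons from src within window
    ('success_after_burst', src, acct) src logged in while its burst was active
    """
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    active_burst = set()            # sources currently over the threshold
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] != RDP_LOGON_TYPE:
            continue   # console, network and service logons are out of scope here
        src = ev["src"]
        recent = failures[src]
        # Drop failures that have aged out of the window; a source whose
        # window has emptied is no longer considered to be in a burst.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        if not recent:
            active_burst.discard(src)
        if ev["id"] == FAILED_LOGON:
            recent.append(ev["ts"])
            if len(recent) >= threshold and src not in active_burst:
                active_burst.add(src)
                alerts.append(("burst", src, len(recent)))
        elif ev["id"] == SUCCESSFUL_LOGON and src in active_burst:
            alerts.append(("success_after_burst", src, ev["account"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

In the constructed sample, 203.0.113.7 tries five accounts in ten seconds and then gets in as jsmith, which raises both alerts; 198.51.100.4 has a single failure followed by a success four minutes later, which is ordinary user behaviour and stays quiet. The second alert is the one worth paging on, since it means the guessed credential now works.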
How to Remove Ransomware:
Many ransomware attacks are only discovered after the data has been encrypted and a ransom note appears on the compromised machine. The encrypted data may be unrecoverable, but the following steps should be taken immediately.
Isolate the Machine:
Some ransomware strains propagate to mapped network drives and connected devices. Disconnect the machine from the network and detach external drives to limit the spread, but do not power it off.
Keep the Machine On:
Encrypting data can leave a machine unstable, and switching it off erases volatile memory, which may hold evidence such as running processes and, for some strains, the encryption keys. Leave the machine running to improve the chances of recovery and forensic analysis.
Check for Decryptors:
Check the No More Ransom project for a free decryptor for the strain involved. If one exists, try it on a copy of the encrypted files, never on the originals, so that a failed attempt does not make the situation worse.
Get Help:
Windows, for example, keeps Volume Shadow Copies of files. Many ransomware families delete them, but if the malware did not, a computer forensics specialist may be able to recover data from them.
Wipe/Restore:
Restore from a clean backup or a fresh OS installation; this removes the malware entirely. Take a disk image first if forensic evidence is needed, because wiping destroys it.
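The response steps above say to work on copies rather than originals when trying a decryptor, and to look for what is actually encrypted first. The following is an added example, not code from the article or from any decryptor project: it measures the Shannon entropy of each file's leading bytes to find files that look like ciphertext (encrypted or random data scores close to 8 bits per byte, ordinary documents far lower), lists ransom notes, and stages hash-verified copies of the suspect files in a separate directory so that a decryptor is run against the copies only. The '.locked' extension and the note name 'HOW_TO_DECRYPT.txt' are assumptions for the example, not indicators of any particular family, and the sample files are constructed in a temporary directory.

```python
"""Entropy-based triage after a ransomware event (added example).

Finds files whose leading bytes look like ciphertext, lists ransom notes,
and stages hash-verified copies of the suspects so that any decryptor is
run against the copies, never the originals. Sample files are constructed.
"""
import hashlib
import math
import os
import random
import shutil
import tempfile
from collections import Counter

HIGH_ENTROPY = 7.5   # bits per byte; random or encrypted data scores about 7.95
HEAD_BYTES = 65536   # only the start of each file is measured
MIN_SIZE = 256       # tiny files give unreliable entropy estimates
# Compressed formats also score near 8 bits/byte; skipping them by extension
# is a coarse false-positive filter (assumes the extensions are honest).
COMPRESSED_EXTENSIONS = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4"}
RANSOM_NOTE_NAMES = {"HOW_TO_DECRYPT.txt"}   # assumed note name for this example


def shannon_entropy(data):
    """Bits of entropy per byte of data; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path):
    """True when the file head is large enough and near-random."""
    if os.path.splitext(path)[1].lower() in COMPRESSED_EXTENSIONS:
        return False
    with open(path, "rb") as f:
        head = f.read(HEAD_BYTES)
    return len(head) >= MIN_SIZE and shannon_entropy(head) >= HIGH_ENTROPY


def triage_directory(root):
    """Return (suspect_files, ransom_notes), both sorted, found under root."""
    suspects, notes = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name in RANSOM_NOTE_NAMES:
                notes.append(path)
            elif looks_encrypted(path):
                suspects.append(path)
    return sorted(suspects), sorted(notes)


def stage_copies(paths, dest):
    """Copy suspects into dest, verify each copy by hash, return the copies.
    Originals are only ever opened for reading."""
    copied = []
    for src in paths:
        target = os.path.join(dest, os.path.basename(src))
        shutil.copy2(src, target)
        with open(src, "rb") as a, open(target, "rb") as b:
            if hashlib.sha256(a.read()).digest() != hashlib.sha256(b.read()).digest():
                raise IOError(f"copy of {src} does not match the original")
        copied.append(target)
    return copied


def build_sample(root):
    """Write constructed sample files: plaintext, 'encrypted', image, note."""
    rng = random.Random(1234)   # deterministic stand-in for ciphertext
    noise = bytes(rng.getrandbits(8) for _ in range(4096))
    files = {
        "notes.txt": b"quarterly report: revenue up 3 percent\n" * 100,
        "report.docx.locked": noise,
        "photo.jpg": noise[::-1],   # high entropy, but skipped by extension
        "HOW_TO_DECRYPT.txt": b"Your files are encrypted. Contact us.\n",
    }
    for name, content in files.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(content)


def run_demo():
    """Build the sample, triage it, stage copies; return the basenames found."""
    root = tempfile.mkdtemp(prefix="victim_")
    dest = tempfile.mkdtemp(prefix="recovery_")
    build_sample(root)
    suspects, notes = triage_directory(root)
    copied = stage_copies(suspects, dest)
    return {
        "suspects": [os.path.basename(p) for p in suspects],
        "notes": [os.path.basename(p) for p in notes],
        "copied": [os.path.basename(p) for p in copied],
    }


if __name__ == "__main__":
    print(run_demo())
```

The entropy threshold is a heuristic, not a signature: archives, media and already-encrypted containers look the same as ransomware output, which is why the extension filter exists and why the result is a list of suspects to examine, not a verdict. On a real host, point `triage_directory` at the affected share and `stage_copies` at a scratch volume, then run the decryptor from No More Ransom against the copies.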