sourcegraph
April 15, 2024

WASHINGTON — Federal investigators took down the computer network of a cybercrime group that demanded hundreds of millions of dollars in ransom from schools, hospitals and other critical infrastructure, the Justice Department said Thursday.

In July, the FBI and its counterparts in Germany, the Netherlands and the European law enforcement agency Europol gained covert access to servers and websites run by the Hive group, which was considered one of the most active ransomware groups last year. Over the next few months, the agents stayed hidden in the system, identifying targets and repeatedly foiling Hive’s attempts at extortion, sparing more than 300 victims from paying $130 million in ransom.

Lisa O. Monaco, deputy attorney general, said at a news conference Thursday that the work was “21st century cyber surveillance.” “Simply put, we took on the hackers with legal means.”

The action against Hive is part of the department’s larger effort to combat ransomware, a global threat that has grown in recent years and that the Biden administration has made a national security priority.

Attorney General Merrick B. Garland said at a news conference that officials seized two back-end computer servers used by Hive in Los Angeles on Wednesday night and took down its site on the dark web, which allows users to hide their identity. The department did not announce any arrests, but officials said the investigation is continuing.

“Cybercrime is an ever-evolving threat,” Mr. Garland said. “But as I’ve said before, the Department of Justice will stop at nothing to identify and bring to justice anyone, anywhere, who is targeting the United States for ransomware attacks.”

Since July 2021, Hive affiliates have run a so-called double-extortion scheme, in which hackers encrypt victims’ data, threaten to leak it online, and demand a ransom, often worth millions of dollars, in exchange for restoring access and a commitment not to publish the stolen information.

Through these attacks, the group managed to extort more than $100 million, targeting more than 1,500 schools, hospitals, companies, and other institutions officially deemed critical infrastructure. These include U.S. health care groups and school districts as well as a big company in Europe and Costa Rica’s public health system.

In an attack on a Midwestern hospital during the coronavirus pandemic in August 2021, Hive prevented the hospital from accepting new patients and accessing its digital database of patient information, forcing hospital staff to rely on analog copies. The hospital only recovered the data after paying the ransom.

Only 20 percent of Hive victims report potential problems to law enforcement, according to FBI Director Christopher A. Wray, who urged other victims of ransomware to speak out.


