The United States Department of Justice (DOJ) recently announced that it has successfully taken down the HIVE ransomware network, an international cybercrime ring that had been responsible for stealing and encrypting the data of more than 1,500 companies from 80 different countries.
The operation was a coordinated effort between the DOJ, Europol, and law enforcement agencies from 13 different countries, including Canada, France, Germany, the United Kingdom, and the United States.
According to the DOJ, the HIVE ransomware network had been operating for several years, using the "ransomware-as-a-service" model to target a wide range of businesses and critical infrastructure sectors, including government facilities, telecommunication companies, manufacturing, information technology, and healthcare and public health.
U.S. Attorney General Merrick Garland discussed the case:
"Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world.
Cybercrime is a constantly evolving threat. But as I have said before, the Justice Department will spare no resource to identify and bring to justice, anyone, anywhere, who targets the United States with a ransomware attack.
We will continue to work both to prevent these attacks and to provide support to victims who have been targeted. And together with our international partners, we will continue to disrupt the criminal networks that deploy these attacks."
In one major attack, HIVE affiliates targeted a hospital, which led to severe repercussions in how the hospital could deal with the COVID-19 pandemic. Due to the attack, this hospital had to resort to analogue methods to treat existing patients, and was unable to accept new ones.
The HIVE ransomware network was particularly dangerous because it used a double extortion model, in which the cybercriminals would copy data and then encrypt the files and then ask for a ransom to both decrypt the files and to not publish the stolen data on the Hive Leak Site.
The DOJ reported that the operation to take down the HIVE ransomware network was a significant success, with the decryption keys being identified and shared with many of the victims, helping them regain access to their data without paying the cybercriminals.
Europol also announced that it had streamlined victim mitigation efforts with other EU countries, which prevented private companies from falling victim to HIVE ransomware. Law enforcement provided the decryption key to companies which had been compromised in order to help them decrypt their data without paying the ransom. This effort has prevented the payment of more than $130 million of ransom payments.
Europol played an important role in the operation, funding operational meetings in Portugal and the Netherlands, providing analytical support linking available data to various criminal cases within and outside the EU, and supporting the investigation through cryptocurrency, malware, decryption, and forensic analysis.
Europol also deployed four experts to help coordinate the activities on the ground and supported the law enforcement authorities involved by coordinating the cryptocurrency and malware analysis, cross-checking operational information against Europol's databases, and providing further operational analysis and forensic support.
The DOJ and Europol have both praised the success of the operation, with the DOJ stating that it sends a clear message to cybercriminals they will be held accountable for their actions, and Europol stating that it will continue to work with its partners to disrupt and dismantle cybercrime networks.
Follow SecureWorld News for more information related to cybersecurity.
