Authorities dismantled the Hive ransomware infrastructure

January 27, 2023
FBI DOJ European Authorities Hive Ransomware Cybercrime Seizure Policy Enforcement

One of the most active cybercriminal actors, Hive ransomware, has lost its infrastructure after combined forces of law enforcement agencies from the US and Europe seized it.

Hive’s dark web portal was shut down by a joint law enforcement operation executed by the US Department of Justice, the Secret Service, the Federal Bureau of Investigation, and multiple European government entities.

The operation commenced a few months after CISA announced the increased activity of the ransomware group in the cybercriminal landscape.

[Image: the seized Hive ransomware leak site displaying a law enforcement takedown notice.]

The FBI displayed a seizure notice on the Hive ransomware leak site, stating that the hidden website had been shut down. The notice also explained that the seizure operation was coordinated with Europol and the US Attorney’s Office for Florida and Computer Crime.

Authorities also confirmed earlier this week that they had gained access to the Hive ransomware group’s computer network in July last year. That access allowed investigators to harvest Hive’s decryption keys and provide them to victims globally.

The FBI has aided numerous Hive ransomware victims since gaining that access, and the operation is credited with preventing a whopping $130 million worth of ransom payments.

In related news, the FBI has disrupted a Hive ransomware campaign against a Louisiana-based healthcare facility, which prevented the victim from paying about $3 million in ransom payments.

One of the group’s most significant campaigns in recent months was a ransomware attack on Tata Power, a major power-generation company in India.

Hive is a cybercriminal entity that runs a ransomware-as-a-service (RaaS) model. The group has prioritised targeting various industries and critical infrastructure, with attacks mostly focused on healthcare and public health organisations.

Reports also revealed that the FBI has begun dismantling the ransomware group’s front-end and back-end infrastructure in the United States and overseas. The operation included the takeover of two Hive ransomware back-end servers in LA.

The FBI has yet to reveal how it identified the Hive ransomware infrastructure or whether any arrests were made during the seizure.
