FBI takes down Hive ransomware group | Gen Tech


Working with international police, the FBI said it has taken control of the servers the Hive group uses to communicate with members.


The FBI has revealed the results of a month-long campaign designed to thwart a notorious ransomware group known for extorting money from hospitals, school districts, and critical infrastructure. On Thursday, the agency announced that it had worked with law enforcement in Germany and the Netherlands to seize control of the servers used by the criminal gang Hive to communicate with its members, thereby cutting off their ability to extort money from their victims.

The group’s dark web site now displays a message in English and Russian that reads: “This hidden site has been seized. The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action against Hive Ransomware.”


Another message indicates that this action was taken by the United States Attorney’s Office for the Middle District of Florida and the Department of Justice’s Computer Crime and Intellectual Property Section with substantial assistance from Europol.


Hive website takedown is the latest step

The takedown of Hive’s website is just the latest in a series of steps aimed at disrupting the group’s capabilities. The FBI said that beginning in late July 2022, it hacked into the gang’s computer networks, captured their decryption keys, and offered those keys to victims around the world.

Offering the decryption keys to Hive victims is a crucial move, as it has saved them from collectively paying $130 million in ransom. Since the FBI’s campaign began, more than 300 decryption keys have been given to Hive victims under attack, while more than 1,000 were given to victims of earlier attacks by the gang.

“Cybercriminals use sophisticated technologies to take advantage of innocent victims around the world,” said US Attorney Roger Handberg for the Middle District of Florida. “Thanks to the exceptional investigative work and coordination of our domestic and international law enforcement partners, more Hive extortions have been thwarted, critical business operations can resume without interruption, and hundreds of thousands of dollars in ransom payments have been prevented.”

Hive history

Hive, which appeared in 2021, launched a series of attacks that quickly made it one of the most active and prominent ransomware groups. Using the ransomware-as-a-service model, Hive develops the necessary ransomware tools and technologies, then recruits affiliates to carry out the actual attacks. After receiving the ransom, Hive affiliates and administrators split the money 80/20, according to the FBI.

Using the RaaS model, Hive has targeted a variety of sectors, including hospitals, school districts, financial firms, and critical infrastructure. Since June 2021, the group has targeted more than 1,500 victims worldwide and has received more than $100 million in ransom payments.

Hive tactics

Hive is known for its double extortion tactics, in which attackers not only encrypt data to prevent their victims from accessing it, but also threaten to publicly leak the information unless the ransom is paid. The group has already posted data stolen from victims on its leak site.

Hive affiliates gain access to the networks of intended victims through a variety of methods, according to the US Cybersecurity and Infrastructure Security Agency. In some cases, attackers get in through single-factor account logins using Remote Desktop Protocol, virtual private networks, or other remote connection protocols.

In other cases, they exploit vulnerabilities in FortiToken authentication products. Another common tactic is to send phishing emails with malicious attachments.

Challenges in eliminating ransomware groups

Ransomware groups are difficult to eliminate completely because members tend to reappear in other groups and capacities. However, the efforts of the FBI and other law enforcement agencies are designed to hit them on multiple fronts.

“While this is definitely a victory, it is by no means the end of ransomware,” said Jordan LaRose, director of the infrastructure security practice at security consulting firm NCC Group. “We have already seen a revival of REvil, and it is likely that Hive will follow suit in some form.


“However, takedowns like these actually deter potential attackers and beneficiaries and raise awareness of the long-term effects of paying attackers.”

Collaboration and cooperation between different law enforcement entities around the world is key to winning the fight against ransomware attackers, LaRose added. Also helpful is the ability of security experts to provide critical threat intelligence to the FBI and other organizations.

Recommendations to combat ransomware

“For vulnerable organizations, this is why getting your system working again after an attack should be the primary focus,” said Caroline Seymour, vice president of product marketing at disaster recovery company Zerto. “When a service provider is disabled and access to data is withheld for ransom, the best way to fight back and get back up and running is to have a recovery solution that protects systems from outages and provides a path to instant recovery.”

However, many organizations turn to backups that take a day or even a week to restore their data, Seymour added. That leads to data breaches and loss that can affect the business and increase the overall cost of recovery.

“The key is to have a solution that is always on with enough granularity to recover to a point in time precisely before the attack occurred with no time lag,” Seymour said. “The best solution will be one that uses continuous data protection and keeps valuable data protected in real time.”


