FBI Hits Ransomware Gang

By John Lister

The FBI says it disrupted a major ransomware network that had already taken around $100 million in payments. It says its work to infiltrate the Hive group saved a potential $130 million in future demands.

The group is said to have compromised networks run by hospitals and schools, among other organizations. The $100 million compares with an estimated annual total of $886 million in ransomware payments in the US across all attacks. (Source: nbcnews.com)

Scammers Pay Royalties

Hive is one of the more notorious "ransomware-as-a-service" groups. Under its business model, individual attackers use Hive's software to encrypt files remotely, then demand a payment to unlock the files and pass on a 20 percent fee to the Hive group. (Source: theverge.com)

Hive also operates a "leak" site on which it publishes the content of the files if victims fail to pay the ransom.

300 Victims Helped Out

The FBI says it used "lawful" hacking techniques to break into Hive's own systems. It was able to find around 1,000 decryption keys that the group could use if and when a victim paid up. It's worth noting that not all ransomware scammers will unlock files after a ransom payment, with some simply demanding increasingly large amounts.

While many of the keys can't be linked to victims because they have remained anonymous, the FBI was able to pass on keys to around 300 victims who had reported the attacks. A Louisiana hospital and a Texas school district are among those who've regained access without having to pay the ransom.

Investigators also worked with officials in Germany and the Netherlands to shut down websites used by the Hive group, including one used as a "leak" site. That may do little more than spark an international game of whack-a-mole, however.

Attorney General Merrick Garland wouldn't publicly comment on suggestions Hive is linked to the Russian government. However, the State Department is offering a reward of up to $10 million for any information that links the group to a foreign government.

The FBI operation will most likely be a case of disruption rather than destruction when it comes to ransomware, but officials believe repeatedly retrieving decryption keys could threaten the group's business model.

What's Your Opinion?

Is this a good use of FBI resources? Will it encourage ransomware victims to report attacks? Does it matter who is ultimately behind ransomware?



Comment from Unrecognised:

IT matters who's behind it, as divining motive and perpetrator are hand in glove, and discovering either is key to putting a stop to it. Even if the crime is decoupled from geography, the stakes in the 'real' world aren't.

Many thanks for keeping us informed. The best newsletter I know. Fewer frills, better commentary.