CNN
—
The FBI has seized computer infrastructure used by a notorious ransomware gang that extorted more than $100 million from hospitals, schools and other victims around the world, US officials announced Thursday.
FBI Director Christopher Wray said at a press conference that since July, the FBI has had covert access to the computer network of the so-called Hive ransomware group, allowing officials to provide victims with the decryption “keys” for their systems and prevent about $130 million in ransom payments.
As of November, Hive ransomware has been used to extort about $100 million from more than 1,300 businesses worldwide, many of which are healthcare-related, US officials said.
On Thursday, a message in Russian and English appeared on the dark web site where Hive listed its victims, saying the site had been seized “as part of a coordinated law enforcement action” against the group by the FBI, the Secret Service and numerous European government agencies.
“Simply put, we used legal means to hack the hackers,” Deputy Attorney General Lisa Monaco told reporters.
Hive ransomware has been especially prevalent in the healthcare sector. One ransomware attack using Hive’s malicious software in August 2021 forced hospitals in the Midwest to turn away patients as Covid-19 surged, Attorney General Merrick Garland said.
Other reported US Hive victims include a 314-bed hospital in Louisiana. The hospital thwarted an October ransomware attack, but the hackers still claimed to have stolen the personal data of nearly 270,000 patients.
“Hive put the safety and health of hospital patients at risk. Patients were some of the most vulnerable people,” said Errol Weiss, chief security officer for the Health Information Sharing and Analysis Center. “When hospitals are attacked and the medical system goes down, people can die.”
Thursday’s announcement is the latest in a series of Justice Department efforts to crack down on foreign ransomware groups that have locked computers, sabotaged operations and demanded millions of dollars to unlock the systems of U.S. companies. Law enforcement officials have seized millions of dollars in ransomware payments and urged companies not to pay off the criminals.
After a ransomware attack by suspected Russian cybercriminals shut down Colonial Pipeline, a major pipeline operator that sends fuel to the East Coast, for several days in May 2021, the ransomware epidemic became a more urgent priority for US authorities. The disruption led to long lines at gas stations in multiple states as people stocked up on fuel.
While the ransomware economy is still profitable, there are signs that sting operations by US and international law enforcement agencies are hurting hacker revenues. Ransomware revenue fell from $766 million in 2021 to about $457 million in 2022, according to data from cryptocurrency tracking firm Chainalysis.
While cybersecurity experts welcomed Hive’s takedown, some feared another group would quickly fill the hole left by Hive.
“While the disruption of Hive services will not significantly reduce overall ransomware activity, it will be a blow to the dangerous groups that are attacking healthcare systems and putting lives at risk,” John Hultquist, vice president at Google-owned cybersecurity firm Mandiant, told CNN.
“Unfortunately, the criminal market at the heart of the ransomware problem ensures that Hive’s competitors are standing by to offer a similar service in their absence, but they may think twice before allowing their ransomware to be used to target hospitals,” Hultquist said.
Wray said the FBI will continue to track down and attempt to arrest the people behind the Hive ransomware. It was not immediately clear where those people were. The Department of Health and Human Services considers Hive to be a “probably Russian-speaking” group.
This story has been updated with additional details.