Working with law enforcement agencies worldwide, the FBI said it has seized control of the servers the Hive group used to communicate with its members.
The FBI has revealed the results of a months-long campaign designed to thwart a notorious ransomware group known for extorting hospitals, school districts and critical infrastructure. On Thursday, the agency announced that it had worked with law enforcement agencies in Germany and the Netherlands to take control of the servers used by the Hive criminal gang to communicate with its members, thus cutting off its ability to extort its victims.
The group’s dark web site now displays a message in both English and Russian stating: “This hidden site has been seized. The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware.”
Another message indicates that this action was taken by the United States Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice, with substantial assistance from Europol.
Takedown of Hive’s website is the latest step
The takedown of the Hive website is only the latest in a series of steps aimed at disrupting the group’s capabilities. The FBI said that since late July 2022 it has penetrated the gang’s computer networks, captured its decryption keys and provided those keys to victims around the world.
Providing the decryption keys to Hive victims is a significant action, as it has saved them from collectively paying ransoms totaling $130 million. Since the FBI’s campaign began, more than 300 decryption keys have been given to Hive victims under attack, while more than 1,000 were provided to victims of the gang’s earlier attacks.
“Cybercriminals utilize sophisticated technologies to prey upon innocent victims worldwide,” said U.S. Attorney Roger Handberg for the Middle District of Florida. “Thanks to the exceptional investigative work and coordination by our domestic and international law enforcement partners, further extortion by Hive has been thwarted, critical business operations can resume without interruption, and millions of dollars in ransom payments were averted.”
History of Hive
Surfacing in 2021, Hive launched a series of attacks that quickly made it one of the most active and prominent ransomware groups. Employing the ransomware-as-a-service model, Hive develops the required ransomware tools and infrastructure and then recruits affiliates to carry out the actual attacks. After a ransom is received, Hive affiliates and administrators split the money 80/20, according to the FBI.
Using the RaaS model, Hive has targeted a variety of sectors, including hospitals, school districts, financial firms and critical infrastructure. Since June 2021, the group has targeted more than 1,500 victims globally and collected more than $100 million in ransom payments.
Tactics of Hive
Hive is known for double extortion tactics in which the attackers not only encrypt the data to prevent victims from accessing it but also threaten to publicly leak the information unless the ransom is paid. The group has already published data stolen from victims on its leak site.
Hive affiliates gain access to the networks of intended victims through different methods, according to the U.S. Cybersecurity and Infrastructure Security Agency. In some cases, the attackers get in through single-factor account logins using Remote Desktop Protocol, virtual private networks or other remote connection protocols.
In other cases, they exploit vulnerabilities in FortiToken authentication products. Another common tactic involves sending phishing emails with malicious file attachments.
Challenges in taking down ransomware groups
Ransomware groups are difficult to fully wipe out because their members tend to resurface in other groups and capacities. But the efforts by the FBI and other law enforcement agencies are designed to hit them on multiple fronts.
“While this is definitely a win, this is by no means the end of ransomware,” said Jordan LaRose, practice director for infrastructure security at security consulting firm NCC Group. “We have already seen a reemergence from REvil, and Hive will likely follow suit in some form.
“But, takedowns like these doubtlessly deter attackers and potential payees and increase awareness of the long-term effects of paying attackers.”
Collaboration and cooperation among different law enforcement entities around the world is critical to winning the battle against ransomware attackers, LaRose added. Also of great help is the ability of security experts to provide critical threat intelligence to the FBI and other organizations.
Recommendations to combat ransomware
“For vulnerable organizations, this is why the primary focus must be getting their system back up and running after an attack,” said Caroline Seymour, vice president of product marketing for disaster recovery firm Zerto. “When a service provider is disabled and access to data is held in exchange for ransom, the best way to fight back and get up and running again is to have a recovery solution in place that protects systems from disruption and provides a path to instant recovery.”
However, many organizations turn to backups that are a day or even a week old to restore their data, Seymour added. That leads to gaps and data loss that can affect the business and add to the overall cost of recovery.
“The key is having a solution that’s always on with enough granularity to recover to a point in time precisely before the attack occurred without time gaps,” Seymour said. “The best solution will be one that uses continuous data protection and keeps valuable data protected in real time.”