FBI and Europol seize infrastructure of notorious ransomware group Hive
FBI Director Christopher Wray said that since July 2022, FBI agents had "secret access" to a control panel used by cybercriminals from the Hive group, which allowed them to identify more than 1,300 victims, to whom they offered decryption keys, and thus to prevent the extortion of at least 130 million USD.
"Our investigation team legally infiltrated the Hive Group's network and hid there for months, repeatedly extracting decryption keys and passing them on to victims to free them from ransomware," Deputy U.S. Attorney Lisa Monaco said during a press conference on Thursday.
“For months, we helped victims defeat their attackers and deprived the Hive network of extortion profits. Simply put, we use legal means to hack hackers and destroy their business model.”
The FBI said that since it appeared in June 2021, Hive has attacked 1,500 victims in more than 80 countries. US Attorney General Merrick Garland cited dozens of specific instances where they were able to help victims deal with a ransomware attack, noting that the group had a special affinity for attacks on schools and hospitals during the COVID-19 pandemic, which is highly unusual, as competing groups at least pretend to avoid attacks on health institutions. The gang used the double-extortion tactic common among ransomware groups: the attackers not only encrypt data on infected systems, but also put pressure on victims by threatening to publicly disclose the data they stole while they were inside the network.
Wray said the action against the Hive group was carried out in cooperation with Europol and relevant agencies in Germany, the Netherlands, Canada, France, Ireland, Lithuania, Norway, Portugal, Romania, Spain, Sweden and Great Britain. He explained that operational meetings were held in Portugal and the Netherlands to support the operation and share "available data for various cases inside and outside the EU, and support the investigation".
The FBI said it has provided more than 300 decryption keys to victims of Hive currently under attack and more than 1,000 keys to previous victims.
"Our efforts in this case saved victims over one hundred million dollars in ransom payments and likely more in remediation costs," the US Department of Justice said.
Garland said they finally decided to break into the group's systems after locating servers in Los Angeles that the cybercriminals used to store sensitive information. The servers were seized on Wednesday night, shutting down Hive's darknet site, which now displays a notice about the seizure.
Wray said that only around 20% of victims report ransomware attacks to the authorities in their countries, highlighting the problem of victims simply not going to the police and instead paying the ransom.
Europol said Hive's success is due to the "ransomware-as-a-service" model, where affiliates receive 80% of the ransom and ransomware developers the remaining 20%. Analysis of server data revealed information on 250 associates recruited by developers and directly responsible for attacks and extortion.
The US State Department announced on Twitter a $10 million reward for information that could help link the Hive group and other cybercriminals responsible for attacks on critical US infrastructure to foreign governments.
So far, no arrests have been announced and officials declined to comment on whether they are expected. However, Europol said four specialists had been sent to "coordinate activities on the ground".
Wray told reporters that "everyone involved with Hive should be concerned as this investigation is still ongoing." He added that suspects could be tried in the United States or Europe.
The director of the FBI also said that this case is unique because the FBI has never had this type of access to a ransomware group's infrastructure, which has allowed them to help a large number of victims.
This action spells the end of Hive, but such takedowns rarely have a lasting effect on the people who make up these gangs. It often happens that the same people continue to operate under a different name. Members of the infamous Conti ransomware group formed a new group called BlackBasta, while the DarkSide ransomware group first became BlackMatter and was later renamed BlackCat/ALPHV.
The Hive group was among the most active groups in 2022. According to data published by Intel471, it was responsible for about 9% of reported ransomware attacks in the third quarter of last year.
mundophone