FBI takes down Hive ransomware network in groundbreaking 'hack-the-hackers' operation

Justice Department officials announced on Thursday that agents infiltrated and spent approximately six months embedded in the network of a prominent ransomware gang in one of the FBI's most sophisticated cybercrime operations to date. This gang, known as Hive, was disrupted earlier this week when agents took down its website and seized its server infrastructure.

Hive ransomware network has been taken down by FBI

Attorney General Merrick Garland characterized Hive as "an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world.”

Hive's business model as a ransomware-as-a-service provider has been to license its malware to “affiliate” hackers, also known as contract cybercriminals, who would attack targets and share profits from successful extortions with the gang.

Garland stated that the online gang and its affiliates have targeted a vast array of victims since Hive's emergence approximately two years ago, including U.S. healthcare facilities and hospitals at the height of the Covid-19 pandemic.

By hacking the hackers, FBI helps hundreds of victims

According to officials, the government was able to discover the encryption keys required to decrypt victims of its attacks after infiltrating the Hive network. Police were able to provide approximately 300 decryption keys to victims who were being actively targeted by Hive, who stole nearly $130 million from victims. 

According to officials, another 1,000 decryption keys were given to the gang's previous victims. Agents weren't given any specifics about how they got the keys.

Officials refused to comment on whether any arrests would be made in connection with the operation, citing an "ongoing investigation."