April 27, 2025

Hive hacker group “robbed” and shut down by FBI

  • January 28, 2023

Admittedly, the FBI did not achieve this success on its own: the bureau enlisted the help of the National Crime Agency of Great Britain. The investigation lasted six months and resulted in the interruption of several ransomware campaigns.

What is known about Hive and the FBI operation

The Hive group is believed to be responsible for multiple ransomware attacks against businesses and government agencies in the US and Europe. The group is known for distributing advanced variants of ransomware such as Maze, Dharma, and Trickbot.

The ransomware attacks have caused significant financial and operational losses to victims, and the FBI believes the group has demanded millions of dollars in ransom payments.

However, an FBI investigation revealed that the group relied on a system to store and process its data, which the agency could use to undermine the group’s operations. The FBI, which learned about the attacks during the operation, warned the targets. It also gained access to encryption keys and distributed them to victims, preventing ransom payments of approximately $130 million.

The success of the FBI

An arrest notice has been posted on the racketeers’ Tor sites, listing other countries involved in the sanctions operation, including Germany, Canada, France, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden and the UK.


Message / Photo from FBI

The FBI obtained access to two private servers and a virtual private server that had been leased from a hosting provider in California using email addresses belonging to Hive members.

Thanks to the coordinated action, the Dutch police also gained access to two backup servers located in the Netherlands.

Using this access, law enforcement verified that these servers served as the primary location for the group’s data leaks, its negotiation site, and the web panels used by operators and affiliates.

Why is this important?

Hive’s disruption is a major victory for law enforcement and a reminder of the importance of cybersecurity.

The Hive cybercrime group operates as a Ransomware-as-a-Service (RaaS) operation that became active in June 2021. Its members are known to infiltrate organizations through phishing campaigns, by exploiting vulnerabilities in internet-connected devices, and by using purchased credentials.

Criminals who rely on hacking and malware to carry out their attacks are also vulnerable to such attacks because their systems are not properly protected.

Source: 24 Tv
