FBI brings down massive ransomware gang by “hacking the hackers”

TechSpot is about to celebrate its 25th anniversary. TechSpot means tech analysis and advice you can trust.

What just happened? In what could be described as beautifully ironic, a notorious ransomware-as-a-service (RaaS) gang has been brought down after the FBI infiltrated its systems, disrupted operations, and seized its sites. Or, as the Deputy US Attorney General put it, they “hacked the hackers.”

Speaking at a news conference, US Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy U.S. Attorney General Lisa Monaco announced that the government secretly infiltrated the Hive ransomware gang’s networks in July 2022 before launching a six-month monitoring operation.

During this infiltration, the government was able to steal more than 300 decryption keys from Hive and distribute them to victims who were under attack, preventing around $130 million in ransom payments, including $5 million from a Texas school district. The feds also distributed over 1,000 additional decryption keys to previous Hive victims.

The FBI used its access to Hive’s infrastructure to warn targets about impending attacks, giving them time to bolster their systems and prepare. Hive’s Tor payment and data leak sites were also seized.

As per Bleeping Computer, the FBI gained access to two dedicated servers and one virtual private server at a hosting provider in California that were leased using email addresses belonging to Hive members. In a coordinated move, Dutch police also gained access to two dedicated backup servers hosted in the Netherlands. Law enforcement confirmed that these servers acted as the main data leak site, negotiation site, and web panels for Hive and its affiliates.

As per the affidavit: “In addition to decryption keys, when the FBI examined the database found on Target Server 2, the FBI found records of Hive communications, malware file hash values, information on Hive’s 250 affiliates, and victim information consistent with the information it had previously obtained through the decryption key operation.”

An FBI message (above) on the seized Hive Tor website notes that many countries were involved in the co-ordinated takedown, including Germany, Canada, France, Lithuania, Netherlands, Norway, Portugal, Romania, Spain, Sweden, and the United Kingdom.

“Using lawful means, we hacked the hackers,” Monaco told reporters. “We turned the tables on Hive.”

Hive, which launched in June 2021, targeted more than 1,500 victims in 80 different countries throughout its existence. As with other RaaS organizations, it rented out the malware to other criminals for a cut of the ransom.

The gang had collected more than $100 million in ransomware payments, and while no arrests have been announced, a department official suggested that would soon change. Unlike other ransomware operators, Hive never stated any intent to avoid targeting hospitals or emergency services.

Masthead credit: Sebastian Stam
