SoylentNews is people

posted by hubie on Thursday February 02, @08:19PM

The feds' actions saved victims over $130 million:

What just happened? In what could be described as beautifully ironic, a notorious ransomware-as-a-service (RaaS) gang has been brought down after the FBI infiltrated its systems, disrupted operations, and seized its sites. Or, as the Deputy US Attorney General put it, they "hacked the hackers."

Speaking at a news conference, US Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy U.S. Attorney General Lisa Monaco announced that the government secretly infiltrated the Hive ransomware gang's networks in July 2022 before launching a six-month monitoring operation.

During this infiltration, the government was able to steal more than 300 decryption keys from Hive and distribute them to victims who were under attack, preventing around $130 million in ransom payments, including $5 million from a Texas school district. The feds also distributed over 1,000 additional decryption keys to previous Hive victims.

The FBI used its access to Hive's infrastructure to warn targets about impending attacks, giving them time to bolster their systems and prepare. Hive's Tor payment and data leak sites were also seized.

As per Bleeping Computer, the FBI gained access to two dedicated servers and one virtual private server at a hosting provider in California that were leased using email addresses belonging to Hive members. In a coordinated move, Dutch police also gained access to two dedicated backup servers hosted in the Netherlands. Law enforcement confirmed that these servers acted as the main data leak site, negotiation site, and web panels for Hive and its affiliates.

[...] The gang had collected more than $100 million in ransomware payments, and while no arrests have been announced, a department official suggested that would soon change. Unlike other ransomware operators, Hive never stated any intent to avoid targeting hospitals or emergency services.


  • (Score: 4, Interesting) by Mykl on Thursday February 02, @09:50PM (1 child)

    Part of me wonders whether these people will ever actually be caught, given how accustomed they probably are to working under aliases etc. Sure, the network may have been infiltrated, but that doesn't mean that the feds know exactly which bags of meat are pressing the keys on the other end. Fingers crossed they do.

    If they do face charges, hopefully the feds will get a bit creative. Domestic Terrorism isn't out of the question. If a government-owned business (e.g. school, hospital etc.) was hacked, could you potentially even face Treason charges if the intel went overseas?
