Hive ransomware leak site and decryption keys seized in police sting

Hive ransomware leak site seized by law enforcement

Websites used by the Hive ransomware-as-a-service gang to extort ransoms and leak data stolen from corporate victims have been seized in a joint operation involving police around the world.

Law enforcement agencies including Europol, the US Department of Justice, FBI, Secret Service, Europol, and Germany’s BKA and Polizei, teamed up to shut down the operations of the Hive gang which is thought to have extorted ransoms from over 1300 companies around the world, massing an estimated $100 million in the last 18 months.

Hive was a particularly notorious ransomware group because, unlike some of its rivals, it appeared to have no qualms about targeting healthcare institutions.

Sign up to our newsletter
Security news, advice, and tips.

However, today, if you venture onto the dark web and visit Hive’s leak website, this is what you will see…

Hive seized

THIS HIDDEN SITE HAS BEEN SEIZED

The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware.

This action has been taken in coordination with the United States Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice with substantial assistance from Europol

Every few seconds, via the magic of an animated GIF, the message changes to one in Russian (presumably in an attempt to send a powerful message to over ransomware gangs).

A US Department of Justice press release has announced that the FBI penetrated Hive’s infrastructure in late July 2022, capturing decryption keys, and offering them to victims worldwide so they do not have to pay a ransom.

In all, the FBI says it has provided over 300 decryption keys to Hive victims since July 2022. In addition, over 1,000 decryption keys were made available to past Hive victims.

The FBI says it continues to investigate the Hive ransomware-as-a-service operation. Whether this eventually results in the identification and prosecution of those involved in blackmailing organisations remains to be seen…

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.
Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.

Hive ransomware leak site and decryption keys seized in police sting

Leave a Reply Cancel reply

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Okta reveals additional attackers’ activities in October 2023 Breach

Thousands of secrets lurk in app images on Docker Hub

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

International police operation dismantled a prominent Ukraine-based Ransomware group

iOS 17 NameDrop privacy scare: What you need to know

Daixin Team group claimed the hack of North Texas Municipal Water District

Securing the software supply chain webinar

Healthcare provider Ardent Health Services disclosed a ransomware attack

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania

Ethyrial: Echoes of Yore hacked! 17,000 game accounts “lost”

Why IT teams should champion AI in the workplace, and deploy secure AI tools safely to their teams

The hack of MSP provider CTS potentially impacted hundreds of UK law firms

Rhysida ransomware gang claimed China Energy hack

Related Posts

Leave a Reply Cancel reply