Hive ransomware leak site and decryption keys seized in police sting

Hive ransomware leak site and decryption keys seized in police sting

Hive ransomware leak site seized by law enforcementHive ransomware leak site seized by law enforcement

Websites used by the Hive ransomware-as-a-service gang to extort ransoms and leak data stolen from corporate victims have been seized in a joint operation involving police around the world.

Law enforcement agencies including Europol, the US Department of Justice, FBI, Secret Service, Europol, and Germany’s BKA and Polizei, teamed up to shut down the operations of the Hive gang which is thought to have extorted ransoms from over 1300 companies around the world, massing an estimated $100 million in the last 18 months.

Hive was a particularly notorious ransomware group because, unlike some of its rivals, it appeared to have no qualms about targeting healthcare institutions.

Sign up to our newsletter
Security news, advice, and tips.

However, today, if you venture onto the dark web and visit Hive’s leak website, this is what you will see…

Hive seizedHive seized


The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware.

This action has been taken in coordination with the United States Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice with substantial assistance from Europol

Every few seconds, via the magic of an animated GIF, the message changes to one in Russian (presumably in an attempt to send a powerful message to over ransomware gangs).

A US Department of Justice press release has announced that the FBI penetrated Hive’s infrastructure in late July 2022, capturing decryption keys, and offering them to victims worldwide so they do not have to pay a ransom.

In all, the FBI says it has provided over 300 decryption keys to Hive victims since July 2022. In addition, over 1,000 decryption keys were made available to past Hive victims.

The FBI says it continues to investigate the Hive ransomware-as-a-service operation. Whether this eventually results in the identification and prosecution of those involved in blackmailing organisations remains to be seen…

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.
Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.

Leave a Reply

Your email address will not be published. Required fields are marked *