The US Justice Department announced on Thursday that it had shut down the Hive ransomware operation, which had extorted more than $100 million (about R1.7 billion) from more than 1 500 victims worldwide.
US attorney general Merrick Garland said US authorities working with law enforcement in Germany and the Netherlands took over the Hive’s website and servers after having infiltrated it for nearly seven months.
The infiltration helped hundreds of companies to avoid paying $130m in extortion demands made after Hive hacked and froze their data systems.
Deputy attorney general Lisa Monaco called the operation to infiltrate Hive a “21st-century cyber stakeout”.
“We hacked the hackers,” she said.
Hive operated as a ransomware service, meaning anyone could hire its software and other services to help hack into and lock down a target’s IT systems, and to process payments. The Hive and the client would share the profits from the extortion.
Since it first emerged in 2021 more than 1 500 companies and institutions have been hacked – their IT systems or databases encrypted by the Hive and back-up deleted or rendered inaccessible.
The hackers would demand large payments, often in cryptocurrency, in exchange for freeing up the systems.
If victims refused to pay, the Hive would publish confidential internal files and documents on the internet.
Victims included India’s Tata Power, German retail giant Media Markt, Costa Rica’s public health service, Indonesia’s state gas company and multiple US hospital groups, according to cybersecurity advisers.
Early on Thursday, the Hive’s website on the dark web was frozen and a screen alternating in English and Russian said it had been taken over by the US Federal Bureau of Investigation.
US officials said that by breaking into the Hive’s dark-web site and collecting information, Justice authorities were able to obtain the digital keys necessary to unlock a victim’s frozen data so that they were not forced to pay the Hive.
This helped prevent a Texas school district, a Louisiana hospital, and an unnamed foods services company, among others, from having to pay millions of dollars in ransom after being hit by a Hive attack, they said.
“For months, we helped victims defeat their attackers and deprived the Hive network of extortion profits,” said Monaco.
US authorities would not say who was behind the Hive or whether any arrests would accompany the shutdown of the operation, saying they were still investigating.
The investigation involved the FBI, the German Reutlingen Police Headquarters, the German Federal Criminal Police, the Netherlands National High-Tech Crime Unit, and Europol.