Justice Dept. Dismantles a Major Ransomware Operation


WASHINGTON — Federal investigators dismantled the computer networks of a cybercriminal group that had demanded many hundreds of thousands of dollars in ransom from schools, hospitals and other critical infrastructure, the Justice Department said on Thursday.

In July, the F.B.I. and its counterparts in Germany, the Netherlands and the European law enforcement agency Europol gained covert access to the servers and websites run by the group, Hive, considered one of the most active ransomware groups last year. Over the next few months, agents hid in the system, identified targets and repeatedly thwarted Hive’s attempts to extort over 300 victims, preventing them from having to pay $130 million in ransoms.

The effort was a “21st century cyber-stakeout,” Lisa O. Monaco, the deputy attorney general, said during a news conference on Thursday. “Simply put, using lawful means, we hacked the hackers.”

The operation against Hive is part of a larger effort by the department to combat ransomware, a global threat that has grown in recent years and one that the Biden administration has deemed a national security priority.

On Wednesday night, officials seized two back-end computer servers in Los Angeles used by Hive and dismantled its sites on the dark web, which allows users to hide their identities, Attorney General Merrick B. Garland said in the news conference. The department did not announce any arrests, but officials said the investigation was continuing.

“Cybercrime is a constantly evolving threat,” Mr. Garland said. “But as I’ve said before, the Justice Department will spare no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack.”

Since July 2021, Hive affiliates have operated a so-called double extortion scheme in which hackers encrypt the victims’ data, threaten to leak it online and demand a ransom payment, often worth hundreds of thousands of dollars, in exchange for restored access and a promise not to publish the stolen information.

Through these attacks, the group successfully extorted over $100 million in payments and targeted over 1,500 schools, hospitals, companies and other institutions that officials have deemed critical infrastructure. These include health care groups and school districts in the United States as well as major companies in Europe and Costa Rica’s public health system.

In one attack, on a hospital in the Midwest during the coronavirus pandemic in August 2021, Hive prevented the hospital from accepting new patients and from accessing its digital database of patient information, forcing hospital staff to rely on analog copies. The hospital recovered its data only after paying a ransom.

Only 20 percent of Hive’s victims reported potential issues to law enforcement, according to Christopher A. Wray, the F.B.I. director, who urged other victims of ransomware to speak up.
