Hive Ransomware Group Infrastructure hive’d
Share this:
The infrastructure of the Hive ransomware group was taken offline after a joint operation between law enforcement agencies in North America and Europe.
In this operation led by the U.S. FBI, the agents first infiltrated the group and its networks in late July. Since then, the FBI has provided more than 300 decryption keys to Hive victims who were under attack and distributed 1,000 keys to previous Hive victims.
The raids on the group took place on Jan. 25 as the German Federal Criminal Police and the Netherlands National High Tech Crime Unit seized control of servers and websites used by Hive to communicate with its members. This activity disrupts the Hive’s ability to attack and extort victims.
Hive first emerged in 2021 and operates on a ransomware-as-a-service basis. The gang had successfully extorted more than 1,300 businesses for more than $100 million in payments since June 2021. Its main targets have included government facilities, communications, critical manufacturing, information technology, healthcare, and public health.
The response to Hive allegedly being taken down has been met positively,of prominent ransomware gangs are often short-lived. That there were seemingly no arrests during the raids on Hive means that those behind the group are still in the wild, and establishing new servers and sites is not a challenging task for hackers who successfully infiltrate Fortune 500 companies.
There may be a temporary decline in ransomware activity in the wake of the website seizure as groups scramble to harden defenses and tighten their inner circles, but that won’t make a noticeable impact on global ransomware attacks.
This action will have a short-term effect on the proliferation of ransomware, Hive operates under a RaaS model, meaning they use affiliates that are responsible for gaining the initial foothold and then dropping the ransomware payload and those affiliates will turn to other ransomware operators, and pick up where they left off.
