We hacked the hackers: US infiltrated a major ransomware gang

Washington: Attorney General Merrick Garland and other US officials announced Thursday that the FBI and international partners have at least temporarily disrupted the network of a prolific ransomware gang, which targeted hospitals and schools, that they infiltrated last year. Victims such as school districts were spared a potential $130 million in ransom payments.

In a news conference, Deputy Attorney General Lisa Monaco said, "Simply put, we hack hackers using legal methods." According to authorities, the targeted syndicate, known as Hive, is one of the top five ransomware networks in the world and has primarily targeted the health care industry.

According to FBI Director Christopher Wray, the agency secretly gained access to its control room in July and obtained the software keys needed to work with German and other partners to decrypt the networks of about 1,300 victims worldwide.

It's unclear how the takedown will affect Hive's operations in the long run. No arrests were reported, but officials said they were mapping the administrators who control the software and the affiliates who infected targets and bargained with victims, with a view to prosecuting them.

Wray said the investigation is still ongoing, "so I think anyone involved with Hive should be concerned." FBI agents seized the network's auxiliary servers in Los Angeles on Wednesday night. Two Hive dark web sites were seized: one was used to collect extortion payments and the other was used to leak information about victims who were not paying.

Garland said that although cybercrime is a constantly changing threat, the Justice Department will use all available means to bring to justice anyone targeting the United States with a ransomware attack, regardless of where they are located.

According to Garland, the FBI's Tampa office led the intrusion, which allowed agents to disrupt a Hive attack against a Texas school district and prevent it from paying $5 million.

For the Justice Department, this is a significant victory. One of the biggest problems with cybercrime is ransomware, which has crippled everything from the Costa Rican government to the British Postal Service and the National Health Network in Ireland. These syndicates speak Russian and are protected by the Kremlin.

Criminals steal sensitive data, lock down or encrypt victims' networks, and demand large sums of money. In their evolved form of extortion, data is stolen before the ransomware is activated and then effectively held hostage: payment, which must be made in cryptocurrency, is demanded to keep the data from being made public.

As an example of Hive's impact, Garland cited a Midwestern hospital that, at the peak of the COVID-19 pandemic in 2021, was unable to accept new patients.

The online takedown notice mentions Europol and German law enforcement partners and alternates between English and Russian.

Cyber experts from Esslingen, a city in southwestern Germany, were key in breaking into Hive's criminal IT infrastructure after a local business was attacked, according to prosecutors in Stuttgart, who were cited by the German news agency DPA.

In a statement, Europol claimed that Hive had infiltrated companies in more than 80 countries, including multinational oil companies, and that law enforcement agencies from 13 different countries were involved.

Hive ransomware attackers targeted more than 1,300 businesses worldwide between June 2021 and November 2022, earning nearly $100 million in ransom payments, according to a US government advisory from last year.

Criminals using Hive's ransomware-as-a-service tool targeted a wide variety of industries and critical infrastructure, particularly government, manufacturing and health care.

Although the FBI provided decryption keys to approximately 1,300 victims worldwide, Wray said that only about 20% had alerted authorities to the attacks.

Fortunately, Wray said, even though many victims did not report the attacks, the FBI was able to locate and assist them. However, he added, "This is not always the case. We can assist victims and others who call us victims when they report attacks to us."

Even if their network is quickly restored, victims sometimes pay the ransom in secret without alerting authorities because they fear their data will be leaked online. One of the risks is identity theft.

According to John Hultquist, head of threat intelligence at cybersecurity company Mandiant, the Hive disruption won't reduce overall ransomware activity, but it's still "a blow to a dangerous group."

Because of the criminal marketplace at the root of the ransomware problem, a Hive competitor would be willing to provide a similar service in the gang's absence, but they might think twice before using their ransomware to target hospitals, according to Hultquist.

However, Brett Callow, an analyst with cybersecurity company Emsisoft, said the operation is likely to cause a loss of confidence among ransomware criminals in what has previously been a very high-reward, low-risk industry.

He added that the data collected could lead to the identification of affiliates, money launderers and other participants in the ransomware supply chain. Allan Liska of Recorded Future, a separate cybersecurity company, predicted indictments in the months to come, if not arrests. No arrests were made.

There aren't many encouraging signs in the global campaign against ransomware, but here is one: ransomware extortion payments decreased in 2017, according to a Chainalysis analysis of cryptocurrency transactions.

At least $456.8 million in payments were tracked, down from $765.6 million in 2021. The decline was clear, although Chainalysis says the true totals are certainly much higher. This could mean that more victims are refusing to pay.

The Biden administration began taking ransomware seriously at its highest level two years ago, following high-profile attacks that threatened critical infrastructure and international trade.

For example, in May 2021, hackers attacked the nation's largest fuel pipeline, forcing its operators to temporarily shut it down and pay a large ransom, a large part of which the US government later recovered.

A global task force of 37 nations started work this week. Australia, which has been particularly badly hit by ransomware attacks involving a significant medical insurer and telcos, is leading the charge. Arrests and prosecutions, the usual law enforcement tools, have done little to deter criminal activity.

Australia's Home Affairs Minister Clare O'Neil declared in November that cyber-intelligence and police agents could be used to "find these people, hunt them down and incapacitate them before they attack our country."

The FBI has provided decryption keys before. In the case of the significant 2021 ransomware attack on Kaseya, a business whose software powers hundreds of websites, it did just that. However, it was criticized for taking several weeks to provide assistance.
