DOJ says it disrupted a major global ransomware group

The US Department of Justice has spent months infiltrating and disrupting the Hive ransomware group, the agency announced on Thursday. The DOJ says Hive has targeted over 1,500 victims in more than 80 countries, extorting hundreds of millions of dollars in ransom payments.

Working with German and Netherlands law enforcement, the FBI seized Hive’s servers and websites, allegedly slowing the group’s ability to attack and extort new victims. It first infiltrated Hive’s network in July 2022, providing over 300 decryption keys to Hive’s current victims and more than 1,000 keys to previous victims — preventing over $130 million in ransom payments. The agency hasn’t announced any arrests. However, it’s still investigating the group, according to NBC News.

Hive used a ransomware-as-a-service (RaaS) model, where administrators (essentially the ringleaders) create ransomware strains with easy-to-use interfaces. The administrators then recruit affiliates who use the ransomware software to carry out the theft — and likely much of the risk.

For example, Hive would steal a victim’s data and encrypt their system. The affiliate would then demand a ransom in exchange for the decryption key and a promise not to publish the data. (Of course, it would frequently target the most sensitive data to apply maximum pressure.) If the victims pay, affiliates and administrators would split the ransom 80 / 20. Those unwilling to pay would find their data leaked on the web.

MANDEL NGAN via Getty Images

The US Cybersecurity and Infrastructure Security Agency (CISA) says Hive gained access through single-factor logins via Remote Desktop, VPNs, exploiting FortiToken (software-based access key) vulnerabilities and phishing emails with malicious attachments.

“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” said US Attorney General Merrick Garland today. “We will continue to work both to prevent these attacks and to provide support to victims who have been targeted. And together with our international partners, we will continue to disrupt the criminal networks that deploy these attacks.” The FBI recommends victims contact their local FBI field office.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.