The FBI seized control of a notorious ransomware gang’s servers and websites, crippling the group’s ability to launch cyberattacks and demand multimillion-dollar ransoms from its victims, the Department of Justice said Thursday.
The ransomware group, known as the Hive, has targeted some of the nation’s most critical industries, including the healthcare sector, Attorney General Merrick Garland said Thursday during a press conference. Hive infiltrates computer systems and deploys malicious software that renders systems unusable. The group then demands a ransom in exchange for an encryption key that allows the victims to access their systems again.
In August 2021, Hive launched a cyberattack against a Midwest hospital, which forced it to stop accepting new patients and revert to paper records, Garland said. The hospital, which Garland did not name, was able to gain access to its systems after paying a ransom at a time when COVID-19 was surging, Garland said.
Since 2021, the group has extorted more than $100 million in ransom payments from 1,500 victims around the world.
But last summer, the FBI covertly infiltrated the group’s network and was able to hand over decryption keys to more than 300 victims of a Hive attack.
Federal law enforcement officials characterized it as a “21st century cyber stakeout.”
“Our investigative team turned the tables on Hive, swiping their decryption keys, passing them to victims, and ultimately averting more than $130 million in ransomware payments,” Deputy Attorney General Lisa Monaco said in a statement.
The covert efforts saved an unnamed Louisiana hospital from paying a $3 million ransom after it was hit by a Hive cyberattack, Garland said.
The American Hospital Association said the dismantling of the Hive gang is welcome news, but did not comment on the specific hospital victims mentioned by Garland.
However, press accounts and breaches reported to the federal government show a number of cyberattacks that occurred in August of 2021.
Memorial Health in Ohio was hit by a cyberattack in August of 2021, which forced it to cancel surgeries and revert to paper records, Fierce Healthcare reported at the time.
Eskenazi Health in Indiana diverted patients to other facilities and shut down access to medical records following an attempted cyberattack in August of 2021, according to the Indianapolis Star.