Federal officials announced the results of a months’ long infiltration campaign against a major international ransomware group called Hive on Thursday. The group’s numerous digital extortion schemes netted members over $100 million in payments. Since June 2021, Hive has subjected over 1,500 victims across 80 countries to attacks targeting critical infrastructure, healthcare, as well as financial firms and public school systems.
According to the Dept. of Justice filings, the FBI first gained access to Hive in July 2022, and soon amassed over 1,300 decryption keys they then provided to past and current victims, saving them an estimated $130 million in the process. Federal officials working with law enforcement organizations in Germany and the Netherlands have also succeeded in seizing and shutting down websites used by Hive members to communicate and coordinate attacks.
Ransomware campaigns function much as one might expect—users’ private and sensitive data is hacked and encrypted, then held indefinitely unless they pay the orchestrators. Often, this data still finds its way onto dark web marketplaces, as was the case with over 16,000 schoolchildren’s personal info in 2021.
Shuman Ghosemajumder, former Global Head of Product, Trust & Safety at Google, believes this week’s announcement is a positive development in countering ransomware gangs like Hive, while also highlighting just how advanced these organizations have become.
“The DOJ’s announcement today sheds light on how different groups were responsible for compromising machines (using everything from stolen passwords to phishing), building the ransomware toolkit, and administering the payment schemes,” Ghosemajumder told PopSci via email. Ghosemajumder says that although many still conjure images of lone hackers causing digital havoc, the public should be far more aware of increasingly complex networks of bad actors.
[Related: Hackers could be selling your Twitter data for the lowball price of $2.]
“Their revenue sharing scheme between cybercriminal groups reminds me of how we did revenue sharing at Google,” he writes, adding that organizations like Hive “are clearly mimicking legitimate businesses in many ways.”
Unfortunately, experts caution that this rare victory against ransomware gangs won’t put a wholesale end to Hive participants’ activities. Although the FBI maintains its investigations are ongoing and arrests are likely imminent, the decentralized, largely anonymous nature of these sorts of organizations ensures their ability to reform into new structures and campaigns over time. “In the grand scheme of things, it probably won’t put Hive out of business, but it’s about attrition and cost,” Jen Ellis, a co-chair of the cybersecurity industry partnership, Ransomware Task Force, told NBC News on Thursday.
“The complexity and scale of cybercrime today goes far beyond anything society has seen in the physical world, so it’s hard for most people to have intuition for how it works or how to deal with it,” adds Gosemajumder.
For now, however, at least some of the most concerted efforts to extort individuals and organizations online appears stymied, and could provide a much-needed reprieve from the digital landscape’s near-constant cybersecurity threats.