The Federal Bureau of Investigation hacked a prolific ransomware gang called Hive to disrupt its operations and rescue its victims, senior U.S. officials said on Thursday.
In a joint announcement by U.S. Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy U.S. Attorney General Lisa Monaco, the officials said government hackers broke into Hive’s network and put the gang under surveillance, surreptitiously stealing the digital keys the group used to unlock victim organizations’ data.
“Using lawful means, we hacked the hackers,” Monaco told reporters. “We turned the tables on Hive.”
News of the takedown first leaked on Thursday morning when Hive’s website was replaced with a flashing message that said: “The Federal Bureau of Investigation seized this site as part of coordinated law enforcement action taken against Hive Ransomware.”
Reuters was not immediately able to locate contact details for Hive.
Hive was one the most prolific among a wide range of cybercriminal groups that extort international businesses by encrypting their data and demanding massive cryptocurrency payments in return.
In an alert distributed in November, the FBI said that cybercriminals tied to Hive had victimized more than 1,300 companies worldwide and raked in approximately $100 million in ransom payments.
In a statement announcing Thursday’s takedown, the FBI said the number of targeted organizations had risen to 1,500 and added that its hack of Hive’s networks had thwarted about $130 million in ransom payments.
Canadian researcher Brett Callow, of cybersecurity company Emsisoft, said that Hive was responsible for at least 11 incidents involving U.S. government organizations, schools, and healthcare providers last year.
“Hive is one of the most active groups around, if not the most active,” he said in an email.