The DOJ announced on Thursday the seizure of a website that the notorious Hive ransomware gang used to shame and extort more than $100 million from its victims.
“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” Attorney General Merrick Garland said Thursday.
Actors using Hive ransomware have victimized more than 1,300 companies worldwide, according to information previously released by the FBI.
Ransomware is the crime in which the perpetrators lock up a company’s computers, disrupt their operations and demand ransom—usually millions of dollars—to unlock the systems. The ransom is almost always demanded in the form of cryptocurrency.
In one instance last month, Hive hackers allegedly took the data of 270,000 people from the largest medical complex in Lake Charles, LA. It included patients’ names, addresses, payment information and some social security numbers.
“The coordinated disruption of Hive’s computer networks, following months of decrypting victims around the world, shows what we can accomplish by combining a relentless search for useful technical information to share with victims with investigation aimed at developing operations that hit our adversaries hard,” said FBI Director Christopher Wray.
Thursday’s announcement is the latest in a series of efforts by the DOJ to crack down on overseas ransomware groups. DOJ officials have seized millions of dollars in ransomware payments and urged companies not to pay off the criminals.
One of the most serious cases involved Colonial Pipeline, the major pipeline operator for sending fuel to the East Coast, in May 2021. A ransomware attack by a suspected Russian cybercriminal shut the pipeline down for days, sparking shortages at gas stations and subsequent hoarding in multiple states.
Ransomware gangs are often decentralized, with affiliate members scattered around the world. But as is often the case, Hive’s core group spoke Russian, Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future, told NBC news.
Russia does not extradite its citizens, and the White House has struggled to convince the Kremlin to take action against its international cybercriminals.
Ransomware has been a lucrative crime, but authorities are making progress. Revenue from the crime fell to about $457 million in 2022, down from $766 million in 2021, according to data from cryptocurrency-tracking firm Chainalysis. The Treasury Department, however, puts the estimate for 2021—the most recent year for which there is public data—at $886 million.