Global ransomware giant, Hive, shut down by FBI
January 2023 by Hüseyin Can Yuceel, security researcher at Picus Security
Overnight, the FBI broke the news that it had infiltrated and shut down the Hive ransomware group, a major ransomware operator on the global stage estimated to have extorted hundreds of millions of dollars from its targets. In case you’re covering the story today, see below for comments from Hüseyin Can Yuceel, security researcher at Picus Security, a security company that specialises in simulating the attacks of cybercriminal gangs like Hive. Hüseyin warns that the individuals behind Hive are likely to regroup, and notes that the FBI release “names no names”, such is the difficulty of arresting cybercriminals.
Hüseyin Can Yuceel, security researcher at Picus Security:
“Hive ransomware group was one of the most prolific ransomware gangs in the last five years. Hive adopted all of the recent trends in the ransomware scene and became a major player in the Ransomware-as-a-Service business.
“The length of the operation and level of dedicated cooperation by multiple law enforcement agencies shows the extent of Hive’s ransomware operations. Hive group hit more than 1500 companies across multiple industries and extorted more than $130 million USD. Since ransomware groups like Hive are highly capable and target multiple industries, all organizations should be prepared against the threat of ransomware.
“The FBI’s press release did not give any specific names. There is no attached indictment. Sophisticated ransomware threat actors are not easy to identify, and even if they are identified, they may not be within the agency’s reach. That’s why the FBI took the next best approach and disrupted the group’s operations. The attached warrant is for the seizure of servers used by Hive and located in California, which falls under FBI jurisdiction.
“Although some operations are shut down by law enforcement, ransomware as a business remains lucrative for threat actors. Unless there is international cooperation against ransomware like they did in Operation Bayonet against darknet marketplaces, ransomware threat actors are likely to regroup and continue their operations.”