The FBI says it has infiltrated and shut down the notorious Hive ransomware group


A major law enforcement operation has resulted in one of the most dangerous ransomware groups being infiltrated and essentially shut down.

In July 2022, the Federal Bureau of Investigation (FBI) managed to infiltrate the notorious Hive collective, saving its corporate victims more than $130 million by warning of imminent attacks and circulating decryption keys.

However, many of the organization’s key players remain at large, and so the cybersecurity research community is still not convinced that the threat has completely passed.

The ghost of ransomware

A statement from the United States Department of Justice (DOJ) notes that the total collapse of Hive, including its websites and communication channels, followed a multi-national operation by the DOJ, FBI, Secret Service and law enforcement agencies in European countries such as Germany and the Netherlands.

With the decommissioning of Hive, companies may be a little less concerned about ransomware in the short term, but John Hultquist, vice president of security firm Mandiant Threat Intelligence, remains wary.

He was reported by Cyberscoop as suggesting that Hive has taken a serious hit. “These kinds of actions create friction in ransomware operations. Hive may need to regroup, redesign and even rename itself.”

However, in a quote attributed to him by the BBC, he claimed that “until the group is arrested, they will never really be gone. They will have to recover, which will take time, but I bet they will reappear in time.”

Cyberscoop also reported that Kimberly Goody, a senior manager at Mandiant, suggested that because many ransomware gangs have ties to each other, in practice all that may change is the names of the groups responsible.

Hultquist also explained that while they wait for justice, security companies like Mandiant would be wise to think about how to better defend themselves against ransomware, an evolving threat that is now largely seen as ubiquitous by businesses and security researchers alike, despite dwindling profits for attackers.

“If arrests are not possible, we will have to focus on tactical solutions and better defenses. Until we can address the Russian safe haven and resilient cybercrime market, this will have to be our focus.”

While it may only be a short-lived victory, Hive is a serious scalp for law enforcement agencies worldwide. According to Cyberscoop, Hive accounted for more than 15% of the ransomware intrusions handled by Mandiant in 2022.

Via BBC
