DOJ Takes Down Ransomware Gang, ‘Hive’

The US Department of Justice (DOJ) has announced the dismantling of a prolific ransomware operation, Hive, which is believed to be responsible for attacking healthcare organizations and stealing millions of dollars. The DOJ’s four-month international operation with Germany and the Netherlands disrupted Hive’s infrastructure and operations, seizing cryptocurrency wallets belonging to the group and issuing warnings to other ransomware operators.

Kimberly Goody, a senior manager at Mandiant Threat Intelligence and Google Cloud, has uncovered that Hive was responsible for over 15% of the security breaches she investigated in 2022, and over 50% affecting American companies. Shockingly enough, most of these attacks were against healthcare organizations.

At a press conference on Tuesday, January 24, 2023, Deputy Attorney General Lisa Monaco said that the DOJ had been able to identify and shut down the group’s servers while also seizing millions in cryptocurrency. According to ransomware expert Allan Liska, the Justice Department’s decision to strike back at Hive is a big step in the fight against ransomware gangs. By minimizing the attacks from Hive, the authorities can use this opportunity to gather further resources and intelligence on ransomware operations and prevent them from doing more damage in the future.

With extreme confidence, Liska hopes that the DOJ will soon apprehend other ransomware groups. The continuous battle against these gangs is a never-ending war, but the constant global effort has made the business less lucrative than ever. By infiltrating the dark web with agents and collecting intel on the operations, authorities have successfully sown paranoia within the ransomware community.

But according to John Hultquist, leader of Mandiant Threat Intelligence inside Google Cloud, Hive operators will most likely join different groups or reconstruct their previous organization and even give themselves another identity. “This kind of action adds an extra hurdle for ransomware activities,” said Hultquist. “Hive may need to reorganize and redesign its operation as well as create a new brand.”

Ransomware experts believe the Justice Department’s actions will do more than disrupt Hive’s operations. At the same time, this success can significantly affect future ransomware attacks in the United States. According to Hultquist, the disruption of Hive will not drastically impact ransomware activity. Nevertheless, it is still a significant setback for an organization that has posed threats by attacking healthcare systems and putting lives in danger.

The DOJ did not say when or if further arrests will be made, but security experts have praised its actions as an essential step in tackling what has become a global industry of cybercrime. The takedown of Hive will hopefully serve as a deterrent to other ransomware operations and organizations, ensuring that healthcare providers can provide services without fear of being targeted.

Ultimately, the DOJ’s actions demonstrate that it is determined to protect US citizens from the threat of ransomware attacks. As Deputy Attorney General Monaco said at the press conference, “We are committed to ensuring the security of our citizens and will use whatever means necessary to do so.”
