In a sign of its aggressive new posture against cyber criminals, the United States government infiltrated and compromised the Hive ransomware gang, blocking hundreds of millions in ransomware payments and seizing control of the gang’s website. No arrests were announced, but authorities in Germany and the Netherlands were able to seize the ransomware gang’s servers.
Hacking the Ransomware Hackers
Ransomware attacks are among the most costly for businesses and organizations. These attacks typically begin with criminals using stolen passwords found on the Dark Web or acquired through phishing attacks. Once ransomware hackers have access to online systems, they encrypt all of an organization’s data, making it unreadable without the decryption key. They then demand a ransom in cryptocurrency, such as Bitcoin, in exchange for the key that will unlock the encrypted data.
To shut down Hive, U.S. investigators infiltrated the gang’s network. They learned about planned attacks, including ones against a Texas school district and a Louisiana hospital, then stole the ransomware decryption keys and gave them to the targets. When the ransomware attacks began, those organizations were able to restore their systems immediately with the decryption keys, saving millions in ransomware payments.
The operation represents a significant shift in how federal authorities approach cyber gangs. In the past, U.S. authorities attempted to recover ransoms after payment, with limited success. The move against Hive marks a significant escalation in response and is understood to be part of the Biden Administration’s draft cyber security plan, which has law enforcement partner with victims ahead of an attack to prevent damage and financial loss.
Ransomware Risks Remain
While Hive was one of the better-known ransomware gangs, there are many more carrying out these attacks, and they will not be deterred by a single U.S. government success. A Verizon report on cyber crime in 2022 found that ransomware attacks rose by 13%, a larger increase than in the past 5 years combined. Criminals can now buy ransomware online; in late 2022 a Microsoft study found criminals using it to steal data and wipe systems clean, removing all traces of their activity, without making a ransom demand.
Regardless of the nature of the attack, ransomware victims tend to have a few things in common:
- They operate critical infrastructure used by the public.
- They appear to have budgets that support multimillion-dollar ransom requests.
- Their cyber defenses have vulnerabilities ripe for exploitation.
Verizon reported that 20% of data breaches resulted from social engineering. Public-facing organizations face greater risk of intrusion and compromise because of the nature of their work, which makes cyber security awareness training essential.
Aggressive action from the federal government against cyber criminals is a positive development, but businesses and organizations cannot rely on it to ensure security. Employee training, strong cyber defenses and advance warnings from Dark Web monitoring still provide the best protection against intrusions and fraud. Protect Now provides support for small- and medium-sized businesses that work extensively with the public. Contact us online or call us at 1-800-658-8311 to improve your cyber security.