US Shuts Down Ransomware Group "Hive" That Extorted Over $100 Million

US Attorney General Merrick Garland said that US authorities working with German and Netherlands law enforcement took over Hive's website and servers after having infiltrated it for nearly seven months

The US Justice Department announced Thursday it had shut down the Hive ransomware operation, which had extorted more than $100 million from more than 1,500 victims worldwide.

US Attorney General Merrick Garland said that US authorities working with German and Netherlands law enforcement took over Hive's website and servers after having infiltrated it for nearly seven months.

The infiltration helped hundreds of companies avoid paying $130 million in extortion demands made after Hive hacked and froze their data systems.

Deputy Attorney General Lisa Monaco called the operation to infiltrate Hive a "21st-century cyber stakeout."

"We hacked the hackers," she said.

Hive operated as a ransomware service, meaning anyone could hire its software and other services to help hack into and lock down a target's IT systems, and to process payments. Hive and the client would share the profits from the extortion.

Since it first emerged in 2021 more than 1,500 companies and institutions have been hacked -- their IT systems or databases encrypted by Hive and backup deleted or rendered inaccessible.

The hackers would demand large payments, often in cryptocurrency, in exchange for freeing up the systems.

If victims refused to pay, Hive would publish confidential internal files and documents on the internet.

Victims included India's Tata Power, German retail giant Media Markt, Costa Rica's public health service, Indonesia's state gas company and multiple US hospital groups, according to cybersecurity advisors.

Early on Thursday, Hive's website on the dark web was frozen and a screen alternating in English and Russian said it had been taken over by the US Federal Bureau of Investigation.

US officials said that by breaking into Hive's dark-web site and collecting information, Justice authorities were able to obtain the digital keys necessary to unlock a victim's frozen data so that they were not forced to pay Hive.

This helped prevent a Texas school district, and Louisiana hospital, and an unnamed foods services company from having to pay millions of dollars in ransom after being hit by a Hive attack, for example, they said.

"For months, we helped victims defeat their attackers and deprived the Hive network of extortion profits," said Monaco.

US authorities would not say who is behind Hive or whether any arrests would accompany the shutdown of the operation, saying the investigation is ongoing.

The investigation involved the US FBI, the German Reutlingen Police Headquarters, the German Federal Criminal Police, the Netherlands National High Tech Crime Unit, and Europol.
×