In what’s a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) operation has been seized as part of a coordinated law enforcement effort involving 13 countries.

“Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying the cybercriminals,” Europol said in a statement.

The U.S. Department of Justice (DoJ) said the Federal Bureau of Investigation (FBI) covertly infiltrated the Hive database servers in July 2022 and captured 336 decryption keys that were then handed over to companies compromised by the gang, effectively saving $130 million in ransom payments.

The FBI also distributed more than 1,000 additional decryption keys to previous Hive victims, the DoJ noted. The agency gained access to two dedicated servers and one virtual private server at a hosting provider in California, which had been leased using three email addresses belonging to Hive members.

Aside from the decryption keys, an examination of the data on the servers revealed information about 250 affiliates: parties recruited by the malware developers to identify victims and deploy the file-encrypting payload against them in exchange for a cut of each successful ransom payment.