January 27, 2023 – The FBI has infiltrated and dismantled Hive, a notorious ransomware group that has targeted hospitals across the country.
The Hive gang used a ransomware-as-a-service (RaaS) model to attack organizations: administrators developed the ransomware strains and easy-to-use interfaces, then recruited affiliates who accessed victims’ networks, exfiltrated sensitive data and encrypted the systems.
Hive’s developers and affiliates employed a double-extortion model of attack, wherein sensitive data from victims’ systems was exfiltrated before encryption. The affiliate then sought a ransom for both the key needed to decrypt the victim’s system and a promise not to publish the stolen data. Victims’ most sensitive data was typically targeted to increase the pressure to pay. Hive collected $100 million in payments.
“The disruption and dismantlement of the notorious Hive ransomware operation by the FBI, the Department of Justice and international partners is welcome news and will no doubt help make hospitals safer against high-impact ransomware attacks that have disrupted health care’s delivery and risked patient safety,” said John Riggi, AHA’s national advisor for cybersecurity and risk.