International cyber-crime network, The Hive ransomware group, has extorted more than $100 million from hospitals, school, financial firms and other business and institutions in over 80 countries since its first known operations in June 2021
In the US, FBI agents, penetrated Hive’s networks last summer and prevented multiple attacks. A month-long operation in January this year culminated in Hive servers based in Los Angeles being seized, while the FBI also took control of the darknet sites used in the Hives extended network. European police forces also took part in the international effort.
Agents were able to capture the Hive’s decryption keys and share them with over 300 of the groups victims and avert millions of dollars in in ransom payments.
Hive used skilled programmers to develop the malware before distributing the code to their affiliate network, effectively creating a “ransomware-as-a-service” model, with Phishing used as the primary delivery method.
Approximately three quarters of ransomware attacks reported in 2021 were linked with Russia, Russian proxies or other persons acting on its behalf. In fact, the top five highest-grossing ransomware tools used in 2021 were all connected to Russian cyber-criminals, with Russian-related ransomware accounting for 69 percent of attack values, 75 percent of ransomware-related incidents, and 58 percent of reported unique ransomware variants.
It’s significant that the FBI seizure notice on Hive’s website, is written in both English and Slavic, suggesting that it is aimed at an Eastern European audience.
The over arching message in all of this is that Cyber crime and ransomware in particular hasn’t gone away, it continues to evolve both in terms of technology and also the highly organised criminal organisations that employ it.
For more information about how you can protect your business, give us a call on 020 3947 5799, or email me at andrew.collier@moore.technology
