A multinational law enforcement operation late Wednesday night seized control of digital infrastructure used by the Hive ransomware-as-a-service criminal group, and U.S. officials revealed Thursday morning that the FBI had secretly penetrated the group’s servers.
After infiltrating the group’s network last summer, federal agents used their inside view of the Hive group’s operations to seize decryption keys and prevent about 300 victims across the globe from paying $130 million in demanded extortion payments.
The seizure, a coordinated operation including participation by U.S., German and Dutch police, is part of an ongoing investigation that could result in arrests, FBI Director Christopher Wray said during a press conference Thursday morning.
“We’ll continue gathering evidence; building out our map of Hive developers, administrators and affiliates; and using that knowledge to drive arrests, seizures and other operations, whether by the FBI or our partners here and abroad,” he said.
Hive’s dark web leak site now displays a message, alternately in Russian and English, stating that the FBI has taken control of the site.
“We hacked the hackers,” Deputy Attorney General Lisa O. Monaco told reporters. Federal agents seized two servers located in Los Angeles, Attorney General Merrick Garland said.