Authorities in the United States and Europe announced on Thursday the results of a major law enforcement operation targeting the Hive ransomware. More than a dozen agencies collaborated to take down the Tor-based leak website used by the group and other parts of its infrastructure, including servers located in Los Angeles.
The FBI revealed that Hive’s ‘control panel’ was hacked by agents in July 2022, allowing them to identify targets and obtain decryption keys that allowed victims to recover encrypted files. The FBI and Europol said they prevented the payment of more than $130 million to the cybercriminals.
The Hive ransomware operation was launched in June 2021 and it has since made more than 1,500 victims across roughly 80 countries. It’s believed that administrators and affiliates made approximately $100 million from ransom payments.
Authorities continue to investigate Hive in an effort to identify the threat actors involved in the operation, including developers, administrators and affiliates.
After the operation against Hive was announced on Thursday, the US State Department reiterated that it’s prepared to pay up to $10 million for information on the identity or location of foreign state-sponsored threat actors that have targeted critical infrastructure. This includes individuals linked to Hive.