A major law enforcement operation has led to one of the most dangerous ransomware groups around today being infiltrated and essentially shut down.
In July 2022, the Federal Bureau of Investigation (FBI) managed to infiltrate the notorious Hive collective and save its corporate victims upward of $130 million by warning of impending attacks and circulating decryption keys.
However, many of the organization’s key players remain at large, and so the cybersecurity research community isn't convinced that the threat has completely subsided yet.
The specter of ransomware
A statement (opens in new tab) from the US Department of Justice (DOJ) notes the total collapse of Hive, including its websites and communication channels, followed a multinational operation by the DOJ, FBI, Secret Service, and law enforcement agencies in European countries such as Germany and the Netherlands.
With Hive’s dismantling, businesses can worry about ransomware a little bit less in the short term, but John Hultquist, Vice President of security firm Mandiant Threat Intelligence, remains guarded.
He was reported by Cyberscoop (opens in new tab) as suggesting that Hive has been dealt a serious blow. “Actions like this add friction to ransomware operations. Hive may have to regroup, retool, and even rebrand.”
However, In a quote ascribed to him by the BBC, he claimed that, "until the group is arrested, they will never truly be gone. They will have to reconstitute, which takes time, but I'll bet they reappear in time."
Cyberscoop also reported Kimberly Goody, a senior manager for Mandiant, as suggesting that, because many ransomware gangs have ties to each other, all that could change, in practice, in the names of the groups responsible.
Hultquist also explained that, while they wait for justice, security firms like Mandiant would be wise to consider how to better defend against ransomware, an evolving threat now largely seen by businesses and security researchers alike as omnipresent, despite dwindling profits for attackers.
> These were the worst ransomware attackers of 2022 (opens in new tab)
> One in four SMBs has been hit with ransomware (opens in new tab)
> We’ve also listed the best malware removal tools right now (opens in new tab)
“When arrests aren’t possible, we’ll have to focus on tactical solutions and better defense. Until we can address the Russian safe haven and the resilient cybercrime marketplace, this will have to be our focus.”
Though it may only be a short-lived victory, Hive is a serious scalp for law enforcement agencies globally. According to Cyberscoop, Hive accounted for over 15% of the ransomware intrusions Mandiant dealt with in 2022.
- Here’s our list of the best small business firewalls right now
Via BBC (opens in new tab)