The FBI says it has infiltrated and shut down the notorious Hive ransomware group

A takedown notice that reads "Hive: The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware."
(Image credit: FBI)

A major law enforcement operation has led to one of the most dangerous ransomware groups around today being infiltrated and essentially shut down.

In July 2022, the Federal Bureau of Investigation (FBI) managed to infiltrate the notorious Hive collective and save its corporate victims upward of $130 million by warning of impending attacks and circulating decryption keys.

However, many of the organization’s key players remain at large, and so the cybersecurity research community isn't convinced that the threat has completely subsided yet.

The specter of ransomware

A statement from the US Department of Justice (DOJ) notes the total collapse of Hive, including its websites and communication channels, followed a multinational operation by the DOJ, FBI, Secret Service, and law enforcement agencies in European countries such as Germany and the Netherlands.

With Hive’s dismantling, businesses can worry about ransomware a little bit less in the short term, but John Hultquist, Vice President of security firm Mandiant Threat Intelligence, remains guarded.

He was reported by Cyberscoop as suggesting that Hive has been dealt a serious blow. “Actions like this add friction to ransomware operations. Hive may have to regroup, retool, and even rebrand.”

However, In a quote ascribed to him by the BBC, he claimed that, "until the group is arrested, they will never truly be gone. They will have to reconstitute, which takes time, but I'll bet they reappear in time."

Cyberscoop also reported Kimberly Goody, a senior manager for Mandiant, as suggesting that, because many ransomware gangs have ties to each other, all that could change, in practice, in the names of the groups responsible.

Hultquist also explained that, while they wait for justice, security firms like Mandiant would be wise to consider how to better defend against ransomware, an evolving threat now largely seen by businesses and security researchers alike as omnipresent, despite dwindling profits for attackers

“When arrests aren’t possible, we’ll have to focus on tactical solutions and better defense. Until we can address the Russian safe haven and the resilient cybercrime marketplace, this will have to be our focus.”

Though it may only be a short-lived victory, Hive is a serious scalp for law enforcement agencies globally. According to Cyberscoop, Hive accounted for over 15% of the ransomware intrusions Mandiant dealt with in 2022.


Luke Hughes
Staff Writer

 Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.