WASHINGTON (Reuters) – The FBI revealed on Thursday that it had secretly hacked into and disrupted the prolific ransomware gang called Hive, a maneuver that has allowed the bureau to thwart the group that has collected more than $130 million in ransom demands with more than 300 victims. .

At a press conference, U.S. Attorney General Merrick Garland, FBI Director Christopher Wray and U.S. Assistant Attorney General Lisa Monaco said government hackers broke into Hive’s network and put the gang under surveillance. , surreptitiously stealing the digital keys the group used to unlock victim organizations. . . The data.

They can then notify victims ahead of time so they can take steps to protect their systems before Hive demands payment.

“Using legal means, we hacked the hackers,” Monaco told reporters. “We’ve changed things at Hive.”

News of the takedown first broke early Thursday morning when Hive’s website was replaced with a flashing message saying, “This site has been taken over by the FBI as part of the Coordinated Enforcement Action Against Hive Ransomware.”

Nest servers have also been taken over by the German Federal Criminal Police and the Dutch National High-Tech Crime Unit.

German police commissioner Udo Vogel said in a statement the police and prosecutors of the state of Baden-Württemberg, who are involved in the investigation.

Reuters was unable to immediately find contact details for Hive. We do not know where they are located geographically.

Hive’s removal process differs from several other high-profile ransomware cases announced by the US Department of Justice in recent years, such as the 2021 cyberattack on Colonial Pipeline Co.

In this case, the Justice Department seized approximately $2.3 million in cryptocurrency ransoms after the company paid off the hackers.

Here, there is no foreclosure as investigators step in before Hive can claim payment. The covert infiltration, which began in July 2022, went undiscovered by the gang.

Ransom over $100 million

Hive has been one of the most prolific among various cyber criminal groups extorting international companies by encrypting their data and demanding huge cryptocurrency payments in return.

Over the years, according to the Department of Justice, Hive has targeted over 1,500 victims in 80 different countries and collected over $100 million in ransomware payments.

Although no arrests were announced on Wednesday, “stay tuned,” a ministry official told reporters.

Hive was responsible for at least 11 incidents involving US government organizations, schools and healthcare providers last year, said Canadian researcher Brett Callow of cybersecurity firm Emsisoft.

“Hive is one of the most active groups, if not the most active,” he said via email.

Attorney General Merrick Garland said FBI operations helped many victims, including the Texas school district.

“The office provided the decryption key to the school district, which saved them from paying a $5 million ransom,” he said. Meanwhile, the Louisiana hospital saved $3 million.

Garland said the government investigation is still ongoing.

(Reporting by Raphael Sater, Sarah N. Lynch and Katherine Jackson) Additional reporting by Rachael Moore in Berlin; Edited by Chizu Nomiyama and Rosalba O’Brien

Our standard: The Thomson Reuters Trust Principles.