The US has admitted that for more than six months, it infiltrated a well-known cybercrime organisation to covertly thwart their hacking attempts.
The FBI had extensive access to the Hive ransomware organisation in late July 2022, according to the Department of Justice (DOJ).
Victims were alerted about planned attacks by officers.
Additionally, they provided over 300 decryption keys to the hackers, saving them, according to estimates, about $130 million (£105 million).
The files of victims are encrypted by ransomware gangs using malicious software, locking them up and rendering them unavailable unless a ransom is paid to receive a decryption key.
In more than 80 nations throughout the world, including hospitals, school districts, financial institutions, and key infrastructure, the US estimates that Hive and its associates collected more than $100 million (£81 million) from more than 1,500 victims. One hospital was unable to take on any further patients.
In collaboration with other national police forces, notably those in Germany and the Netherlands, the US claimed to have taken down Hive’s websites and communication networks.
According to Attorney General Merrick Garland, “Last night, the Justice Department brought to an end a global ransomware network that had been extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the globe.”
Lisa O Monaco, a deputy attorney general, stated: “To put it simply, we hacked the hackers using legal methods.”
According to the DOJ, it will pursue those responsible for Hive until justice is served.
According to Mandiant Threat Intelligence head John Hultquist, “a good covert operation can undermine confidence in operational security and instil scepticism among actors.”
But he also said: “The organisation won’t truly disappear until they are apprehended. They’ll need to recreate, which takes time, but I’ll bet they do so in due course.”
Russia has long been charged by researchers and security authorities with harbouring ransomware organisations.
Alleged members of the REvil gang were detained in countries all over the world in November 2021, and in a “clawback” hacking operation, US police were able to recover more than $6 million in cryptocurrencies.
In June 2021, a similar US operation took down the Darkside gang and recovered $4.1 million in stolen money.
The darknet domains for the ransomware gang NetWalker were also taken down in January of that year, and a significant association was detained in Canada.
The hacker groups in all three incidents mostly split up, although it’s possible that they came together again as new collectives.
As victims in 2022 refuse to pay the ransom, data reveals ransomware workers witnessed a 40% decline in earnings.
Governments, organisations, and citizens will be better secured, according to Kim Wiles, a Nominet government cyber-services expert, who said she expects initiatives like these to only grow stronger between allied cyber-powers.
