A major law enforcement operation has resulted in the infiltration and effective shutdown of one of the most dangerous ransomware groups.
In July 2022, the Federal Bureau of Investigation (FBI) managed to infiltrate the notorious Hive collective and save its corporate victims over $130 million by warning of impending attacks and distributing decryption keys.
However, many of the organization’s key players remain at large, and so the cyber security community is not convinced that the threat has completely subsided.
Ransomware specter
A statement from the US Department of Justice (DOJ) notes the complete collapse of Hive, including its websites and communication channels, after a multinational operation by the Department of Justice, FBI, Secret Service and law enforcement in European countries such as Germany and the Netherlands.
With Hive being dismantled, companies may be a little less concerned about ransomware in the short term, but John Hultquist, vice president of security firm Mandiant Threat Intelligence, remains cautious.
He was reported by Cyberscoop as implying that Hive had taken a major hit. “Such actions make it difficult for ransomware to work. Hive may need to regroup, retool, or even rebrand.”
However, in a quote attributed to him by the BBC, he stated that “until the group is arrested, they will never really disappear. They’ll have to respawn, which takes time, but I bet they’ll reappear over time.”
Cyberscoop also reported that Mandiant senior manager Kimberly Goody suggested that since many ransomware gangs have ties to each other, in practice all that may change is the names of the groups responsible.
Hultquist also explained that while waiting for justice, security companies like Mandiant will consider how to better defend against ransomware, an evolving threat that is now seen by both companies and security researchers as ubiquitous despite declining attacker profits.
“When arrests are not possible, we will have to focus on tactical solutions and better defense. Until we can address Russia’s safe haven and resilient cybercrime market, that will have to be our focus.”
While it may only be a short-lived victory, Hive is a major concern for law enforcement around the world. According to Cyberscoop, Hive accounted for more than 15% of the ransomware breaches Mandiant faced in 2022.
By BBC