The Department of Justice dismantles a major ransomware operation

The department said it successfully prevented victims from paying $130 million in ransoms to Hive, a prolific ransomware gang, before seizing two of the group's servers on Wednesday night.

WASHINGTON — Federal investigators have taken down the computer networks of a cybercriminal organization that had demanded hundreds of millions of dollars in ransom from schools, hospitals and other critical infrastructure, the Justice Department said Thursday.

In July, the F.B.I. and its counterparts in Germany, the Netherlands and the European law enforcement agency Europol gained covert access to servers and websites run by the Hive organization, considered last year to be one of the most active ransomware groups. Over the next few months, agents hid in the system, identified targets, and repeatedly thwarted Hive's attempts to extort over 300 victims, preventing them from paying $130 million in ransom.

The effort was a "21st century cyber intervention," Lisa O. Monaco, assistant attorney general, said at a press conference Thursday. "Simply put, using legal means, we hacked the hackers."

The operation against Hive is part of a larger effort by the department to combat ransomware, a global threat that has grown in recent years and that the Biden administration has considered a national security priority.

On Wednesday evening, officials seized two back-end computer servers in Los Angeles used by Hive and took down its dark web sites, which allow users to hide their identities, Attorney General Merrick B. Garland said at the press conference. The department has not announced any arrests, but officials said the investigation is continuing.

"Cybercrime is an ever-evolving threat," Mr. Garland said. "But as I've said before, the Department of Justice will spare no resources in identifying and bringing to justice anyone, anywhere, who targets the United States with a ransomware attack."

Since July 2021, Hive affiliates have operated a so-called double extortion scheme in which hackers encrypt victims' data, threaten to disclose it online and demand a ransom, often worth millions of dollars, in exchange for restoring access and a promise not to publish the stolen information.

Through these attacks, the group succeeded in extorting over $100 million in payments and has targeted over 1,500 schools, hospitals, businesses and other institutions deemed critical infrastructure by authorities. These include health care groups and school districts in the United States as well as large corporations in Europe and the public health system in Costa Rica.

In an attack on a hospital in the Midwest during the coronavirus pandemic in August 2021, Hive prevented the hospital from accepting new patients and accessing its digital patient information database, forcing hospital staff to rely on analog copies. The hospital only recovered its data after paying a ransom.

Only 20% of Hive victims reported potential issues to law enforcement, according to Christopher A. Wray, the F.B.I. director, who urged other ransomware victims to speak out.
