Threat Insight: FBI Seizes Control of Hive Ransomware Infrastructure
According to the DOJ statement – “Since late July 2022, the FBI has penetrated Hive’s computer networks, captured its decryption keys, and offered them to victims worldwide, preventing victims from having to pay $130 million in ransom demanded. Since infiltrating Hive’s network in July 2022, the FBI has provided over 300 decryption keys to Hive victims who were under attack. In addition, the FBI distributed over 1,000 additional decryption keys to previous Hive victims. Finally, the department announced today that, in coordination with German law enforcement (the German Federal Criminal Police and Reutlingen Police Headquarters-CID Esslingen) and the Netherlands National High Tech Crime Unit, it has seized control of the servers and websites that Hive uses to communicate with its members, disrupting Hive’s ability to attack and extort victims.”
We must wait and see if the RaaS operators will attempt to restore operations, or if they will go underground while they rebuild and rebrand. It is probable that Hive’s affiliates will be seeking alternate RaaS operations in the short term. It is reasonable to expect that LockBit, BlackBasta, BlackCat/ALPHV and other top-tier RaaS operations will benefit from this action in terms of increased access to capable affiliates and their queue of pending victims.
-Kaseya Threat Management Team