FBI pulls down ransomware group targeting over 1,500 victims

The US Justice Department said that the FBI has brought down an international ransomware network named Hive that extracted more than $100 million from hospitals and other organizations around the world.

The ransomware group targeted more than 1,500 victims, including hospitals, school districts and financial firms in more than 80 countries. Hive used a “ransomware-as-a-service” model in which highly skilled developers build the malware and then recruit less-sophisticated affiliates to deploy them against victims.

Attorney General Merrick Garland said Hive affiliates targeted “critical infrastructure and some of our nation’s most important industries.” In 2021, Hive affiliates attacked a Midwest hospital’s network, preventing the medical facility from accepting new patients. The hospital was able to recover its data only after paying a ransom, the attorney general said.

FBI agents infiltrated Hive from July 2022 until its seizure, covertly capturing its decryption keys and sharing them with victims, saving the targets $130 million in ransom payments. The FBI provided more than 300 victims with decryption keys, among them a Texas school district, a Louisiana hospital, and a food services company that had been asked to make millions of dollars in ransom payments. The FBI also distributed more than 1,000 additional decryption keys to previous Hive victims.