FBI shuts down the websites, servers behind prolific ransomware gang Hive

The Department of Justice announced Thursday it has seized the computer servers and dark web sites associated with a prolific ransomware gang that's targeted U.S. hospitals, schools and other critical infrastructure.

Driving the news: Members of the Hive ransomware gang put a notice on its website earlier today claiming the DOJ, FBI, U.S. Secret Service and international law enforcement seized their sites last night.


  • Attorney General Merrick Garland said agents at the FBI Tampa field office gained access to Hive's ransomware infrastructure last July, which gave them the ability to sneak around their networks to find the information needed to shut down the gang.
  • In the months it took to seek out that information, the FBI was able to hand out decryption keys to victims to unlock any systems the ransomware gang targeted, Garland said.

Why it matters: Today's actions mark one of the most sophisticated and detrimental moves from U.S. law enforcement against a ransomware gang.

The big picture: DOJ estimates that the Hive ransomware gang has targeted more than 1,500 companies in over 80 countries — netting more than $100 million in ransom payments.

  • Hive used a double-extortion model: It demanded a payment in bitcoin from victims both to decrypt their systems and to prevent the leak of any sensitive data Hive stole before starting its attack.

Zoom out: Ransomware has been a top law enforcement priority in recent years — catapulting after the 2021 ransomware attack on Colonial Pipeline that led to a days-long shutdown.

  • Yet, government officials have warned that the ransomware problem is only getting worse, despite the resources poured into solving it.

Details: The FBI provided over 300 decryption keys to victims who were actively under attack — which helped victims avoid paying more than $130 million in ransom to Hive.

  • In one example, the FBI helped a Louisiana hospital avoid paying a $3 million ransom last year, Garland said.
  • FBI agents also distributed more than 1,000 decryption keys to previous Hive victims.
  • Under a court order, the FBI was able to seize two backend servers located in Los Angeles that Hive used to support its services. Garland added that the FBI and its international partners have also begun dismantling additional Hive infrastructure in the U.S. and abroad.

What they're saying: "We've made it clear that we will strike back against cybercrime by any means possible, and today's action reflects that strategy," said deputy attorney general Lisa Monaco.

The intrigue: FBI Director Christopher Wray estimated that only 20% of Hive's victims had reported the attack to law enforcement.

What's next: Wray said the investigation into Hive is still ongoing.

  • It's possible new actions could come as the FBI further investigates the gang's crypto transactions and hunts down affiliated hackers for arrests.