An international cyber crime group has been brought down thanks to a major operation that involved the Garda National Cyber Crime Bureau (GNCCB), EUROPOL and other international authorities.
Operation Downbreaker was an internationally supported EUROPOL investigation targeting the Hive Ransomware Group.
Thanks to their efforts, the operation has now shut down the servers and technical infrastructure used by the ransomware group to target large IT and multinationals in Europe and elsewhere.
In the past year, HIVE ransomware has been identified as a major threat to international security, as it has been used to compromise and encrypt data and computer systems.
Cybercriminals using HIVE copy data and then encrypt a victim’s files, then ask for a ransom both to decrypt the files and to not publish the stolen data on the HIVE Leak Site.
When the victim paid, the ransom was reportedly split between affiliates (80%) and developers (20%).
Explaining the process, a garda spokesperson said: “This is what is known as the ‘ransomware-as-a-service’ (RaaS) model that in recent years has perpetrated high-level attacks often targeting companies maintaining critical infrastructures such as Government agencies, healthcare and telecommunications.
“Some gained access to a victim’s networks by using single factor logins via Remote Desktop Protocol, virtual private networks, and other remote network connection protocols.
“In other cases, they bypassed multifactor authentication and gained access by exploiting vulnerabilities”.
Since November 2022, more than 1,300 companies worldwide have fallen victim to the associates of the HIVE Ransomware Group and have paid almost €100 million in ransom payments.
“Among its direct involvement in Operation Downbreaker, Gardaí attached to GNCCB have participated in several operational meetings and are currently involved in the investigation of a number of HIVE Ransomware incidents that targeted Irish victims.
“The work of Gardaí as part of this Operation has ensured that the Irish-based victims of HIVE are supported and have been provided with decryption keys for them to regain access to their data without paying the cybercriminals.
“Through An Garda Síochána’s membership of EUROPOL, it also provided analytical support exchanging available information to various criminal cases within and outside the EU, and supported the investigation through cryptocurrency, malware, decryption and forensic analysis”.
Speaking about the investigation, Detective Chief Superintendent at the Garda National Cyber Crime Bureau, Barry Walsh, said: “This is an excellent result that has come from a lot of painstaking work carried out by Gardaí in the Cyber Crime Bureau and together with our colleagues across the world.
“It underscores the immense value of co-ordinating a collective law enforcement response to emerging criminality.
“The HIVE Ransomware Group has caused a great deal of distress to people in Ireland, and has upset their daily lives in more ways than one. This is not just about the monetary loss suffered by victims, but the significant disruption that a cyberattack causes.
“We will further maximise on this work and stay focused on targeting the tactics and methods of cybercriminals and which affect victims here in Ireland.”