Hive Ransomware Servers Taken Down in FBI-led Global Law Enforcement Action

A joint global operation headed by the FBI and Europol dismantled the international ransomware's network

by Chandu Gopalakrishnan
January 26, 2023 - Updated on February 22, 2023
in Cybersecurity News, Ransomware News

The infrastructure behind the HIVE ransomware group has been taken down in a coordinated action by law enforcement agencies in the United States and Europe. The action was led by the U.S. Department of Justice, the FBI, and the Secret Service, with assistance from European government agencies.

“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” said US Attorney General Merrick B. Garland in a Department of Justice press release on 26 January.

“This hidden site has been seized. The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware,” said a seizure notice on Hive’s dark web leak site.

“This action has been taken in coordination with the United States Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice with substantial assistance from Europol.”

According to Europol, it worked on this operation with the United States Secret Service, the FBI, and the following law enforcement agencies:

Royal Canadian Mounted Police (RCMP) & Peel Regional Police (Canada), Police Nationale (France), Federal Criminal Police Office and CID Esslingen (Germany), National Police (Ireland), Criminal Police Bureau (Lithuania), National Police (Netherlands), National Police (Norway), Judicial Police (Portugal), Romanian Police (Romania), Spanish Police (Spain), Swedish Police (Sweden), and the National Crime Agency (United Kingdom).

FBI dismantles Hive ransomware servers

According to the DoJ announcement, the FBI broke into Hive’s computer networks in July 2022, obtained its decryption keys, and used them to help victims worldwide, preventing ransom payments totalling $130 million globally.

“Since infiltrating Hive’s network in July 2022, the FBI has provided over 300 decryption keys to Hive victims who were under attack. In addition, the FBI distributed over 1,000 additional decryption keys to previous Hive victims,” said the DoJ press release.

Hive, which operates a ransomware-as-a-service model, previously targeted a wide range of industries and critical infrastructure, with a focus on healthcare and public health entities.

The FBI has also begun dismantling Hive’s front and back-end infrastructure in the U.S. and abroad, which included the seizure of two of Hive’s backend servers located in Los Angeles.

The FBI did not disclose how it identified the Hive servers, and no arrests or indictments were announced during the press conference.

“Cybercriminals utilize sophisticated technologies to prey upon innocent victims worldwide,” said U.S. Attorney Roger Handberg in the press release.

“Thanks to the exceptional investigative work and coordination by our domestic and international law enforcement partners, further extortion by HIVE has been thwarted, critical business operations can resume without interruption, and millions of dollars in ransom payments were averted.”

HIVE ransomware: Mode of operation

The HIVE ransomware group was among the six gangs flagged in 2022 by the Cybersecurity & Infrastructure Security Agency (CISA) as the upstarts of 2022.

HIVE ransomware has been used by criminals to target various industries and critical infrastructure since June 2021, including government facilities, telecommunication companies and media, manufacturing, energy, information technology, and healthcare and public health, said an FBI flash alert issued in November 2022.

“The method of initial intrusion will depend on which affiliate targets the network. Hive actors have gained initial access to victim networks by using single factor logins via Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other remote network connection protocols,” said the FBI flash alert.

“In some cases, Hive actors have bypassed multifactor authentication (MFA) and gained access to FortiOS servers by exploiting the vulnerability CVE-2020-12812. This vulnerability enables a malicious cyber actor to log in without a prompt for the user’s second authentication factor (FortiToken) when the actor changes the case of the username.”
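
Both access patterns quoted from the FBI flash alert above (single-factor remote logins, and the CVE-2020-12812 case where a username typed in a different case is logged in without the FortiToken prompt) can be hunted for in authentication logs. The following detection logic is an added example, not part of the original article or the FBI alert; the JSON event fields, the account names and the `MFA_ENROLLED` set are constructed assumptions and do not reflect the FortiOS log schema.

```python
import json

# Constructed sample events. Field names are assumptions for this example,
# not a vendor log format.
SAMPLE_EVENTS = """\
{"ts": "2022-11-01T08:02:11Z", "service": "vpn", "user": "jsmith", "mfa_prompted": true, "result": "success"}
{"ts": "2022-11-01T08:05:40Z", "service": "vpn", "user": "JSmith", "mfa_prompted": false, "result": "success"}
{"ts": "2022-11-01T08:07:02Z", "service": "rdp", "user": "backup_svc", "mfa_prompted": false, "result": "success"}
{"ts": "2022-11-01T08:09:15Z", "service": "vpn", "user": "ALEE", "mfa_prompted": false, "result": "failure"}
{"ts": "2022-11-01T08:12:30Z", "service": "vpn", "user": "alee", "mfa_prompted": true, "result": "success"}
"""

# Accounts enrolled for a second factor, spelled exactly as provisioned
# (hypothetical names).
MFA_ENROLLED = {"jsmith", "alee"}


def classify(event, enrolled=MFA_ENROLLED):
    """Return a finding label for one login event, or None if nothing stands out."""
    # Only successful logins that were never challenged for a second factor matter.
    if event["result"] != "success" or event["mfa_prompted"]:
        return None
    user = event["user"]
    by_folded = {name.casefold(): name for name in enrolled}
    canonical = by_folded.get(user.casefold())
    if canonical is not None and user != canonical:
        # Enrolled account, different letter case, no second factor:
        # the pattern the alert describes for CVE-2020-12812.
        return "case-variant-mfa-bypass"
    if canonical is not None:
        # Exact-case enrolled account that still skipped MFA.
        return "mfa-skipped-for-enrolled-user"
    # Account with no second factor at all reaching a remote service.
    return "single-factor-remote-login"


def scan(lines):
    """Parse JSON-lines events and return (ts, service, user, label) findings."""
    findings = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        label = classify(event)
        if label:
            findings.append((event["ts"], event["service"], event["user"], label))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(*finding, sep="  ")
```

Where the identity store is case-insensitive, users legitimately type their names in mixed case, so the signal here is the combination of a case mismatch with a successful login that never saw an MFA prompt.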

According to Europol, over 1,500 companies from over 80 countries worldwide have fallen victim to HIVE associates since June 2021, and lost almost EUR 100 million in ransom payments.

“Affiliates executed the cyberattacks, but the HIVE ransomware was created, maintained and updated by developers,” said the Europol announcement.

“Affiliates used the double extortion model of ‘ransomware-as-a-service’; first, they copied data and then encrypted the files. Then, they asked for a ransom to both decrypt the files and to not publish the stolen data on the Hive Leak Site. When the victims paid, the ransom was then split between affiliates (who received 80%) and developers (who received 20%).”

Chandu Gopalakrishnan

Executive Editor, The Cyber Express
