The authorities in Germany and the USA have broken up the global hacker network "Hive". The Stuttgart public prosecutor's office and the Reutlingen police headquarters said on Thursday that the "network of cybercriminals" was responsible for "more than 1,500 serious cyberattacks affecting companies worldwide". According to the US Department of Justice, the network stole more than $100 million in ransom with its ransomware.
The authorities now took action against "Hive" in the internationally coordinated action "Dawnbreaker". "A large number of servers were confiscated, data and accounts of the network and its users were secured," said the public prosecutor's office in Stuttgart and the police headquarters in Reutlingen. The group's websites have been blocked. The IT structure of the "perpetrator group" served "exclusively to carry out the most serious cyber attacks and the subsequent blackmail" of the companies and authorities concerned, the authorities said.
In attacks with ransomware, hackers encrypt the data of affected companies, private individuals or authorities and then demand a ransom to release the data. "Hive" was a kind of illegal service provider that made its ransomware available to hackers. In English, this model is called "ransomware-as-a-service" (RaaS).
According to the authorities, "Hive" attacks affected hospitals, school districts, financial firms and critical infrastructure in more than 80 countries, among others. The public prosecutor's office in Stuttgart said that 70 of the attacks were carried out on companies in Germany, three of them in Baden-Württemberg.
According to cybersecurity firm Avertium, "Hive" ransomware was also used in a 2021 hack against electronics retailer Mediamarkt. Accordingly, "Hive" was first observed in June 2021. Avertium listed "Hive" as one of the top ten "ransomware gangs" worldwide.
According to the US Department of Justice, in July 2022, the FBI managed to break into the "Hive" networks. The hackers' decryption codes were captured and made available to victims of hacker attacks. As a result, they would not have had to pay a total of $130 million in ransom. "We hacked the hackers," said US Deputy Attorney General Lisa Monaco.
The investigations into "Hive" included the FBI and the Secret Service in the USA, the public prosecutor's office in Stuttgart, the police headquarters in Reutlingen and the Federal Criminal Police Office in Wiesbaden in Germany and the police organization Europol.
"Ransomware is a serious threat to critical infrastructure, to companies and private individuals. That's why we're doing everything we can to combat such attacks," said Baden-Württemberg's Interior Minister Thomas Strobl (CDU). "Our police have proven once again: Even in the digital world, criminals cannot feel safe." The action against "Hive" is an "outstanding example of the successful international networking and cooperation of our police authorities, and that worldwide".
US Attorney General Merrick Garland said cybercrime is an "evolving threat." However, the US judiciary will spare no expense or effort to "identify and hold cyber criminals accountable".