John Paul M. Joaquin Tech 01.28.2023 00:Jan AM EST

DOJ Successfully Prevents Ransomware Gang From Extorting $130M From Victims

A ransomware gang may be getting nothing for their efforts lately.

The Department of Justice (DOJ) recently revealed its months-long disruption operation against the Hive ransomware gang, the same one that targeted more than 1,500 victims in over 80 countries worldwide.

The DOJ is asking any victim of the ransomware gang to contact their local FBI field office for further information on how to shore up their cybersecurity against future ransomware attacks.

DOJ-FBI Disruption Operation Against Hive Ransomware Group Details

The DOJ mentioned in its announcement that the FBI had penetrated the ransomware gang's computer network since late July 2022, allowing the agency to capture the gang's decryption keys and offer them to victims worldwide.

Since the decryption keys' acquisition, the FBI shared 300 of them with the ransomware gang's victims worldwide, preventing the Hive ransomware gang from extorting as much as $130 million in ransom money from its victims.

Hive's previous victims were not left out, either, with the FBI distributing 1000 copies of Hive'sdecryption keys to them despite already being a victim.

While the decryption key is an important item in preventing people from becoming a victim of the Hive ransomware gang, it pales in comparison to what the DOJ did in Europe.

The government agency, along with German law enforcement from the German Federal Criminal Police and Reutlingen Police Headquarters-CID Esslingen and the Netherlands National High tech Crime Unit, managed to seize control of the ransomware gang's servers and websites the gang is using to communicate with its members.

The seizing of Hive's servers and websites was a significant blow to the ransomware group as it greatly affected the gang's ability to attack and extort victims.

DOJ Deputy Attorney General Lisa O. Monaco gave a witty remark regarding the events in a press conference, with them saying that the DOJ and the FBI turned the tables on the Hive ransomware group.

"Simply put, using lawful means, we hacked the hackers," Monaco added.

Monaco also mentioned that the DOJ and FBI's investigation should speak clearly to the ransomware gang's victims and encourage them to come forward and work with them to prevent more hackings from happening.

How Does The Hive Ransomware Gang Operate?

According to The Verge's report, the Hive ransomware group operated using a "ransomware-as-a-service (RaaS)" model, with them making the ransomware and then recruiting "affiliates" to deploy it against a potential victim. Once the victim pays the ransom, Hive administrators take 2)% of the extorted money while its affiliate takes the rest. However, should the victim refuse to pay the ransom money demanded, Hive administrators will publicly leak the data they stole.

The affiliates aren't just people who wish to join Hive's profiteering racket. Many of them know how to properly attack a victim before they deploy the gang's ransomware. These attacks include email phishing, exploiting FortiToken authentication vulnerabilities, and gaining access to a victim company's VPNs and remote desktops that are protected with single-factor logins.