Ireland helps FBI take down illegal ransomware server used by cyber criminals

Led by the FBI and German law enforcement and supported by the UK’s National Crime Agency cyber crime investigators, the operation dismantled servers of the HIVE ransomware infrastructure on Thursday, 26 January.

Other partners involved in the operation include the US Secret Service, Canada, Germany, France, Romania, Lithuania, Sweden, Norway, Portugal, and Spain.

HIVE, which was available to purchase on the dark web, allowed cyber criminals to launch ransomware attacks on their targets by sending phishing emails with corrupted attachments and viruses.

When their victim opened the attachment, the HIVE service would infect their devices and encrypt their systems until a ransom payment was made.

Victim organisations who refused to pay risked having their data published by the hackers.

As of last week, anyone attempting to access the HIVE network will now be met with a law enforcement splash page explaining that the servers are no longer in use.

“The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware,” the notice reads.

“This action has been taken in coordination with the United States Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice with substantial assistance from Europol.”

Since June 2021, cyber criminals involved in the HIVE ransomware group have targeted more than 1,300 victims around the world and received more than $100 million (almost €92 million) in ransom payments.

It has launched online attacks on approximately 50 corporate victims in the UK since early 2021, including businesses in the education, housing, haulage, and commercial sectors.

“HIVE was a service which enabled cyber criminals to steal millions from businesses across the globe, with several UK organisations suffering significant disruption and financial losses,” said Paul Foster, Deputy Director of the NCA’s National Cyber Crime Unit.

“The combined might of international law enforcement, which includes NCA officers, is a tremendous example of action to take down illegal IT infrastructure.

“We continue to work closely with partners to bolster our capability to tackle this national security threat and strengthen the UK’s response to cyber crime.

“I would urge any businesses that may have been a victim of cyber-crime to come forward and report such incidents to law enforcement.”