DataBreaches.Net


Hive Ransomware’s infrastructure seized; law enforcement “hacked the hackers”

Posted on January 26, 2023 by Dissent

After months of a “cyber stakeout” in which law enforcement officials lawfully hacked the hackers, one of the top ransomware gangs in the world had their servers seized and their operations dismantled. DataBreaches reported the seizure earlier this morning.

Hive ransomware gang has been the subject of numerous posts on DataBreaches over the past two years, and the subject of federal advisories by CISA and HHS.  Federal officials estimate that Hive has attacked more than 1,500 victims since 2021.

Its attacks have been costly to victims in terms of ransom payments demanded to unlock files, as well as in recovery fees. Attacks on the healthcare sector have also interfered with patient care, such as a midwestern hospital that had to divert patients following an attack and that had to use paper and pencil recording when their patient record system could not be accessed.

Hive is estimated to have collected more than $100 million in ransom payments. Authorities estimate that it would have been more than $230 million if not for the fact that law enforcement gained access to Hive’s control panel in July of 2022 and has been disrupting their attacks since then. Over the past months, law enforcement was able to warn victims so they could avert locking, and also gave decryption keys to more than 300 victims and saved them from having to make ransom payments.  More than 1,000 earlier victims were also provided with decryption keys.

In a press conference this morning, Attorney General Merrick Garland, Deputy Attorney General Lisa O. Monaco, and FBI Director Christopher Wray provided some details of the operation and thanked their non-U.S. partners who collaborated in bringing Hive’s operations down.

The FBI seizure notice on Hive’s site also lists Europol, Baden-Wurttemberg, the Federal Criminal Police of Germany, and numerous other countries.

As Deputy Attorney General Monaco explained, they had lawful authority to hack the hackers, and that is what they did.

Only 20% of Hive’s victims ever reported their attacks to law enforcement, and all of the speakers today urged victims of ransomware attacks to come forward and seek law enforcement’s help. The fact that law enforcement might be able to give victims a decryptor key might encourage or persuade more future victims to contact law enforcement.

The FBI Field Office, Orlando Resident Agency is investigating the case. No arrests were announced at today’s press conference and Attorney General Garland declined to answer any questions as to whether any arrests might be forthcoming.

Trial Attorneys Christen Gallagher and Alison Zitron of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Chauncey Bratt for the Middle District of Florida are prosecuting the case.

DOJ’s press release can be found on DOJ’s site.

Read Deputy AG Monaco’s remarks and Attorney General Garland’s remarks for more details about Hive’s recent activities and law enforcement’s operations to disrupt them.

Impact on the Medical Sector

Although Hive hit a number of sectors, its activities in the healthcare sector have always been of the biggest concern to DataBreaches. The following is a list of U.S. healthcare sector victims claimed by Hive over the past two years. In most cases, Hive provided proof of claims, even though not all victims would publicly acknowledge the attack. In at least one of the cases below, the victim denied that they were the victim, but Hive insisted that they were.

  • Consulate Health
  • Lake Charles Memorial Health
  • Hendry Regional Medical Center
  • Sigmund Software VSS
  • Tift Regional Medical Center (Southwell)
  • NCG Medical
  • Empress Emergency Medical Services
  • Baton Rouge General Medical Center/ General Health System
  • SERV Behavioral Health System
  • LaVan & Neidenberg DisabilityHelpGroup
  • Exela Technologies
  • Diskriter
  • GoodmanCampbell Spine
  • Supernus Pharmaceuticals
  • Johnson Memorial Health
  • MAS & Coronis Health
  • Greenway Health
  • Partnership HealthPlan
  • First Choice Community Healthcare
  • Missouri Delta Medical Center

Coverage can be found for many of the above by searching DataBreaches.net.

Post updated to add links to Deputy AG Monaco’s remarks and AG Garland’s remarks.

 

Category: Breach Incidents, Commentaries and Analyses, Health Data, Malware, U.S.
