DataBreaches.Net


Hive Ransomware’s infrastructure seized; law enforcement “hacked the hackers”

Posted on January 26, 2023 by Dissent

After months of a “cyber stakeout” in which law enforcement officials lawfully hacked the hackers, one of the top ransomware gangs in the world had their servers seized and their operations dismantled. DataBreaches reported the seizure earlier this morning.

The Hive ransomware gang has been the subject of numerous posts on DataBreaches over the past two years, and the subject of federal advisories by CISA and HHS. Federal officials estimate that Hive has attacked more than 1,500 victims since 2021.

Its attacks have been costly to victims in terms of ransom payments demanded to unlock files, as well as in recovery fees. Attacks on the healthcare sector have also interfered with patient care, as in the case of a midwestern hospital that had to divert patients following an attack and had to use paper and pencil recording when its patient record system could not be accessed.

Hive is estimated to have collected more than $100 million in ransom payments. Authorities estimate that it would have been more than $230 million if not for the fact that law enforcement gained access to Hive’s control panel in July of 2022 and has been disrupting their attacks since then. Over the past months, law enforcement was able to warn victims so they could avert locking, and also gave decryption keys to more than 300 victims and saved them from having to make ransom payments. More than 1,000 earlier victims were also provided with decryption keys.

In a press conference this morning, Attorney General Merrick Garland, Deputy Attorney General Lisa O. Monaco, and FBI Director Christopher Wray provided some details of the operation and thanked their non-U.S. partners who collaborated in bringing Hive’s operations down.

The FBI seizure notice on Hive’s site also lists Europol, Baden-Wurttemberg, the Federal Criminal Police of Germany, and numerous other countries.

As Deputy Attorney General Monaco explained, they had lawful authority to hack the hackers, and that is what they did.

Only 20% of Hive’s victims ever reported their attacks to law enforcement, and all of the speakers today urged victims of ransomware attacks to come forward and seek law enforcement’s help. The fact that law enforcement might be able to give victims a decryptor key might encourage or persuade more future victims to contact law enforcement.

The FBI Field Office, Orlando Resident Agency is investigating the case. No arrests were announced at today’s press conference and Attorney General Garland declined to answer any questions as to whether any arrests might be forthcoming.

Trial Attorneys Christen Gallagher and Alison Zitron of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Chauncey Bratt for the Middle District of Florida are prosecuting the case.

DOJ’s press release can be found on DOJ’s site.

Read Deputy AG Monaco’s remarks and Attorney General Garland’s remarks for more details about Hive’s recent activities and law enforcement’s operations to disrupt them.

Impact on the Medical Sector

Although Hive hit a number of sectors, its activities in the healthcare sector have always been of the biggest concern to DataBreaches. The following is a list of U.S. healthcare sector victims claimed by Hive over the past two years. In most cases, Hive provided proof of claims, even though not all victims would publicly acknowledge the attack. In at least one of the cases below, the victim denied that they were the victim, but Hive insisted that they were.

  • Consulate Health
  • Lake Charles Memorial Health
  • Hendry Regional Medical Center
  • Sigmund Software VSS
  • Tift Regional Medical Center (Southwell)
  • NCG Medical
  • Empress Emergency Medical Services
  • Baton Rouge General Medical Center/ General Health System
  • SERV Behavioral Health System
  • LaVan & Neidenberg DisabilityHelpGroup
  • Exela Technologies
  • Diskriter
  • GoodmanCampbell Spine
  • Supernus Pharmaceuticals
  • Johnson Memorial Health
  • MAS & Coronis Health
  • Greenway Health
  • Partnership HealthPlan
  • First Choice Community Healthcare
  • Missouri Delta Medical Center

Coverage can be found for many of the above by searching DataBreaches.net.

Post updated to add links to Deputy AG Monaco’s remarks and AG Garland’s remarks.

Category: Breach Incidents, Commentaries and Analyses, Health Data, Malware, U.S.
