DataBreaches.Net


Hive Ransomware’s infrastructure seized; law enforcement “hacked the hackers”

Posted on January 26, 2023 by Dissent

After months of a “cyber stakeout” in which law enforcement officials lawfully hacked the hackers, one of the top ransomware gangs in the world had their servers seized and their operations dismantled. DataBreaches reported the seizure earlier this morning.

Hive ransomware gang has been the subject of numerous posts on DataBreaches over the past two years, and the subject of federal advisories by CISA and HHS. Federal officials estimate that Hive has attacked more than 1,500 victims since 2021.

Its attacks have been costly to victims in terms of ransom payments demanded to unlock files, as well as in recovery fees. Attacks on the healthcare sector have also interfered with patient care, as when a midwestern hospital had to divert patients following an attack and had to use paper and pencil recording when its patient record system could not be accessed.

Hive is estimated to have collected more than $100 million in ransom payments. Authorities estimate that it would have been more than $230 million if not for the fact that law enforcement gained access to Hive’s control panel in July of 2022 and has been disrupting their attacks since then. Over the past months, law enforcement was able to warn victims so they could avert locking, and also gave decryption keys to more than 300 victims and saved them from having to make ransom payments. More than 1,000 earlier victims were also provided with decryption keys.

In a press conference this morning, Attorney General Merrick Garland, Deputy Attorney General Lisa O. Monaco, and FBI Director Christopher Wray provided some details of the operation and thanked their non-U.S. partners who collaborated in bringing Hive’s operations down.

The FBI seizure notice on Hive’s site also lists Europol, Baden-Wurttemberg, the Federal Criminal Police of Germany, and numerous other countries.

As Deputy Attorney General Monaco explained, they had lawful authority to hack the hackers, and that is what they did.

Only 20% of Hive’s victims ever reported their attacks to law enforcement, and all of the speakers today urged victims of ransomware attacks to come forward and seek law enforcement’s help. The fact that law enforcement might be able to give victims a decryptor key might encourage or persuade more future victims to contact law enforcement.

The FBI Field Office, Orlando Resident Agency is investigating the case. No arrests were announced at today’s press conference and Attorney General Garland declined to answer any questions as to whether any arrests might be forthcoming.

Trial Attorneys Christen Gallagher and Alison Zitron of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Chauncey Bratt for the Middle District of Florida are prosecuting the case.

DOJ’s press release can be found on DOJ’s site.

Read Deputy AG Monaco’s remarks and Attorney General Garland’s remarks for more details about Hive’s recent activities and law enforcement’s operations to disrupt them.

Impact on the Medical Sector

Although Hive hit a number of sectors, its activities in the healthcare sector have always been of the biggest concern to DataBreaches. The following is a list of U.S. healthcare sector victims claimed by Hive over the past two years. In most cases, Hive provided proof of claims, even though not all victims would publicly acknowledge the attack. In at least one of the cases below, the victim denied that they were the victim, but Hive insisted that they were.

  • Consulate Health
  • Lake Charles Memorial Health
  • Hendry Regional Medical Center
  • Sigmund Software VSS
  • Tift Regional Medical Center (Southwell)
  • NCG Medical
  • Empress Emergency Medical Services
  • Baton Rouge General Medical Center/ General Health System
  • SERV Behavioral Health System
  • LaVan & Neidenberg DisabilityHelpGroup
  • Exela Technologies
  • Diskriter
  • GoodmanCampbell Spine
  • Supernus Pharmaceuticals
  • Johnson Memorial Health
  • MAS & Coronis Health
  • Greenway Health
  • Partnership HealthPlan
  • First Choice Community Healthcare
  • Missouri Delta Medical Center

Coverage can be found for many of the above by searching DataBreaches.net.

Post updated to add links to Deputy AG Monaco’s remarks and AG Garland’s remarks.

Category: Breach Incidents, Commentaries and Analyses, Health Data, Malware, U.S.

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.