The FBI has succeeded in dismantling the Hive gang, a group of cybercriminals who have extorted hundreds of millions of dollars from victims in the United States and other parts of the world. Governments are beginning to use legal methods to replicate that strategy. They are creating hacker groups to fight the real hackers (Hackback), as Australia is also doing with its army of 100 hackers.
Hive is a group that compromises companies of all types, regardless of their size or sector, stealing their information and encrypting their systems. This lets them carry out a double extortion, asking for money for decryption and in exchange for not publishing the stolen data. In this way they have compromised more than 1,500 companies in 80 different countries since June 2021 and stolen more than 100 million euros. In addition, they rent out their technology, taking 20% of the profits. They attacked victims mostly with ransomware and variants of it.
This gang attacked hospitals in the middle of the pandemic, preventing the admission of new patients, blocking systems and forcing workers to carry medical reports written with pen and paper. They demanded a large amount of money in exchange for recovering confidential patient data.
The gang's modus operandi was to find companies with access to internal networks whose remote desktop or VPN was not protected by two-factor authentication. Sometimes they bypassed two-factor authentication. They obtained employee credentials or guessed them with dictionaries. The infostealer market is booming: this malware silently harvests activity and traffic, which is then sold for large sums of money. When this approach did not work, they resorted to phishing, which sometimes led to systems being exploited by means of malicious files sent via email.
FBI agents have been infiltrating the gang for a year and a half, preventing them from carrying out many of the attacks they had underway. According to the prosecutor herself, they have hacked the hackers.
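A defender can check remote-access logs for the two conditions described above: logins that succeed with no second factor, and runs of failed guesses against one account. The following is an added example, not code from the article or from any agency; the key=value log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines; the key=value layout is an assumed log format.
SAMPLE_LOG = """\
2023-01-10T02:11:01Z svc=rdp src=203.0.113.7 user=jsmith result=FAIL mfa=none
2023-01-10T02:11:03Z svc=rdp src=203.0.113.7 user=jsmith result=FAIL mfa=none
2023-01-10T02:11:05Z svc=rdp src=203.0.113.7 user=jsmith result=FAIL mfa=none
2023-01-10T02:11:08Z svc=rdp src=203.0.113.7 user=jsmith result=SUCCESS mfa=none
2023-01-10T08:30:12Z svc=vpn src=198.51.100.20 user=akhan result=SUCCESS mfa=totp
2023-01-10T09:02:44Z svc=vpn src=198.51.100.31 user=backup result=SUCCESS mfa=none
2023-01-10T09:15:00Z svc=vpn src=192.0.2.55 user=admin result=FAIL mfa=none
2023-01-10T09:15:02Z svc=vpn src=192.0.2.55 user=admin result=FAIL mfa=none
2023-01-10T09:15:04Z svc=vpn src=192.0.2.55 user=admin result=FAIL mfa=none
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) svc=(?P<svc>\w+) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>FAIL|SUCCESS) mfa=(?P<mfa>\w+)$"
)

def parse_events(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def review_logins(events, fail_threshold=3):
    """Flag single-factor logins and guessing runs, in log order."""
    fails = defaultdict(int)  # (src, user) -> failures since last success
    findings = []
    for e in events:
        key = (e["src"], e["user"])
        if e["result"] == "FAIL":
            fails[key] += 1
            continue
        if fails[key] >= fail_threshold:
            findings.append(("success_after_guessing", e["svc"], e["user"], e["src"]))
        if e["mfa"] == "none":
            findings.append(("login_without_mfa", e["svc"], e["user"], e["src"]))
        fails[key] = 0
    # Runs that never succeeded are still worth blocking or rate limiting.
    for (src, user), n in fails.items():
        if n >= fail_threshold:
            findings.append(("guessing_in_progress", None, user, src))
    return findings

if __name__ == "__main__":
    for finding in review_logins(parse_events(SAMPLE_LOG)):
        print(finding)
```

A success that follows a guessing run on an account with no second factor is the highest-priority finding, since the password alone was enough to get in.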
Since 2022, the U.S. Department of Justice has created a strategy to protect anyone who suffers threats of this type. More than 300,000 victims around the world who have been threatened by groups like this have been assisted.
"Cybercrime is a constantly evolving threat", says Merrick B. Garland, U.S. Attorney General. The U.S. Department of Justice will spare no expense in investing in tools to prevent this type of situation, thus making such solutions available to all citizens.
They want to make the population aware of the danger posed by threats like this, thus preventing victims from paying ransom money. They intend to follow a strategy to protect all citizens, companies or organizations from ransomware attacks and ransomware variants.