FBI takes down Hive ransomware group, saves businesses millions

I want to cover the news that just broke yesterday, on January 26th, 2023, where it's been reported that the FBI, the Federal Bureau of Investigation in the United States, has disrupted the Hive ransomware group. There are a couple of things that I want to talk about in this video. Who is the Hive ransomware group? Why were they targeted by the FBI, and how did they actually do it? And when they did it, what did they do? So we'll talk about some of these things because they're important to the whole grand scheme of things that relates to the ransomware we've been seeing in the news lately. Before I get into that, please subscribe to our channel, like the video, and I'll continue to bring you content like this.

So here we go. We've got the Hive ransomware group, one of the most notorious ransomware groups that have hit the scene since ransomware became a thing, especially with double extortion and massive ransomware payments in the last five years or so. Hive's been one of those groups that has targeted hospitals and healthcare facilities, and they're one of those groups that, quite frankly, don't care who they target. There are really no morals there, and they're willing to hit anybody and make them pay any price they're willing to pay in order to get their data back. So we have the FBI; they have used their tools and resources to basically infiltrate this group's network for about the last eight or nine months. This has been going on since late June, I believe it was. It said that the FBI basically went after this group for a while and they were able to basically turn the tables on this group.

Now, these ransomware groups typically work with other people to get access to networks. So ransomware groups aren't necessarily good at getting in and breaking into the network. Some of them are. This is a ransomware-as-a-service type of group. They typically buy access, or work with hackers who already have access, rather than getting access on their own. So it doesn't surprise me that the FBI was able to infiltrate their network, simply because they're probably not even looking for indicators of compromise that somebody might be in their network doing something. So they were one of those groups that favored, like I said, the ransomware-as-a-service model. And from what we're hearing from the reports that are out there, the FBI just basically hacked into this organization. It began in the summer in Tampa, Florida. It says: "Federal Bureau of Investigation agents infiltrated Hive's network and used the access to identify victims and provide them with keys with which to take back control of their networks."

"Officials said the effort blocked some $130 million in demanded ransoms," the department official said. Now, that's interesting to me, because a report just came out that in 2022 ransomware payments went down from 2021. The number is still very high, but the difference was close to this $130 million that you're seeing. So you back that out, and I guarantee you that (a) these cyber criminals were very confused as to how these companies were getting back on their feet after an attack. And unfortunately, the bad thing is that now that this has happened, maybe the FBI has access to other gangs' networks and they were confident coming out with this information now, but this is really going to give these groups pause. Now, I talk about this cat-and-mouse game all the time: they're going to go retool and figure out how they can detect whether the FBI or some other security researcher has access to the networks that they're operating from.

So I do look at this two different ways. It's great that they helped companies get their data back and prevented these ransomware payments. But they came public with this information and kind of told people what they did and how they were helping companies, which directly results in the criminals basically not making revenue. And when you start to hit them in the pocketbook, it would be nice if they didn't come out with this information unless, like I said, they had access to other networks and were confident that they weren't going to be discovered. But this is going to give these groups pause, and they're probably going to retool and figure out ways they can better protect their networks and better detect activity like this. Because the fact that they weren't detecting it cost them $130 million. So these are conversations, quite frankly, that I have with businesses all the time.

These are the kinds of things that companies need to do so they don't lose money to these cyber criminals. But kudos to the FBI for going this route. The article in the Wall Street Journal that I have up, and I'll link to it in the description, quotes that "the FBI and our prosecutors have been inside the network of one of the world's most prolific ransomware variants, and we hacked the hackers." So they were very boastful and proud of this, and I don't know if I necessarily agree that's how we should be coming out, with this type of message. Yes, it's great that they did this, but let's not rub their noses in it, because I don't see anything in this report that says anybody's been detained or arrested. Although they do say that in coordinated operations, German and Dutch police seized servers associated with the group, and their website was inaccessible, with a flashing message stating that it had been seized as part of a law enforcement action.

And that's all well and good that we got those things, but these are all things that can be replaced. And the human beings and the brain power behind these organizations are still out there, freely roaming in the world, to just set up operations again. And they will do that, right? They already know that this business model is successful. They will probably go away for a little while, if not fracture off into other groups or work with other groups that are already prevalent in the ransomware space. But that's the history of what these criminals do after they've been discovered or law enforcement gets a little too close to them: they scatter, they join other groups, or they create new groups as a result. And I can guarantee you that that's going to be what happens here. So it would've been nice if we would've seen some arrests and some people detained out of this.

I'm sure that is coming at some level. They usually at least get one or two people, if not more, when these types of things go down, because people start talking and they're able to identify people, and then they're able to get them in countries where they can arrest them. But all those things have to play out over time, and that's really where we're at today. Like I said, kudos to the FBI for this action, for being able to help companies not pay the ransom to the tune of $130 million, but it isn't the last we've heard of the characters behind this group, and it won't be long before we're hearing about criminal groups that seem like they're Hive, or sound like they're Hive, or operate a lot like Hive, in the next six to nine months. But this group will absolutely be back, and they will continue to do damage to businesses around the globe.

This is why you should start shoring up your cybersecurity today, and don't let it make you feel comfortable that you're hearing reports in the news that ransomware payments are going down and thinking that this might be the beginning of the end for ransomware. It's not. You need to start shoring up your cybersecurity, making sure your networks are protected, and making sure the data that your customers entrust you with and your employees entrust you with is protected from cyber criminals. That's it for me. Please like and subscribe to the video. I'll see you in the next one. Take care.