our year-and-a-half-long disruption campaign against the Hive ransomware group<\/a>.<\/p>\nHive hurt thousands of victims across the country and around the world\u2014until the FBI and our partners disrupted them, helping their victims decrypt their networks without Hive catching on, and then today dismantling Hive\u2019s front- and back-end infrastructure in the U.S. and abroad.<\/p>\n
This operation was led by our Tampa Field Office, assisted by our Cyber Division team at FBI Headquarters and other field office personnel across the country, but also by FBI personnel stationed around the world, who led the collaboration with our foreign law enforcement partners\u2014often shoulder to shoulder, scrutinizing the same data\u2014that was essential to today\u2019s success. Especially the fine work of the German Reutlingen Police Headquarters, the German Federal Criminal Police, the Netherlands National High Tech Crime Unit, and Europol.\u00a0This coordinated disruption of Hive\u2019s networks illustrates the power of collaboration between the FBI and our international partners.<\/p>\n
The FBI\u2019s strategy to combat ransomware leverages both our law enforcement and intelligence authorities to go after the whole cybercrime ecosystem\u2014the actors, their finances, their communications, their malware, and their supporting infrastructure.\u00a0And since 2021, that\u2019s exactly how we\u2019ve hit Hive ransomware.<\/p>\n
Last July, FBI Tampa gained clandestine, persistent access to Hive\u2019s control panel.\u00a0Since then, for the past seven months, we\u2019ve been able to exploit that access to help victims while keeping Hive in the dark, using that access to identify Hive\u2019s victims and to offer over 1,300 victims around the world keys to decrypt their infected networks, preventing at least $130 million in ransom payments, cutting off the gas that was fueling Hive\u2019s fire.<\/p>\n
Our access to Hive\u2019s infrastructure was no accident.\u00a0Across our cyber program, we combine our technical expertise, our experience handling human sources, and our other investigative tradecraft to seek out technical indicators victims can use to protect themselves.<\/p>\n
Here, that focus on obtaining useful technical indicators led us to Hive\u2019s decryption keys\u2014which we turned around and provided to those in need, like when our investigative team identified the initial stages of an attack against a university, proactively notified the school, and gave the institution the technical information it needed to kick Hive off of its network before ransomware was deployed.<\/p>\n
Or when an FBI case agent and computer scientist rushed to provide hands-on support to a local specialty clinic and helped the doctor, who also managed the clinic\u2019s IT security, identify his office\u2019s vulnerabilities and deploy his decryption key\u2014because no victim is too small.<\/p>\n
We\u2019ve also shared keys with many victims overseas through our foreign-based Legal Attach\u00e9 offices, like when we gave a foreign hospital a decryptor they used to get their systems back up before negotiations even began, possibly saving lives.<\/p>\n
Now, as we move to the next phase of the investigation, we\u2019ve worked with our European partners to seize the infrastructure used by these criminal actors\u2014crippling Hive\u2019s ability to sting again.<\/p>\n
I\u2019m also here today to thank those victims and private sector partners who worked with us and who helped make this operation possible by protecting its sensitivities and to demonstrate that we can and will act on the information victims share with us.<\/p>\n
So today\u2019s lesson for businesses large and small, hospitals and police departments, and all the other many victims of ransomware is this:\u00a0Reach out to your local FBI field office today and introduce yourselves, so you know who to call if you become the victim of a cyberattack.\u00a0We\u2019re ready to help you build a crisis response plan, so when an intruder does come knocking, you\u2019ll be prepared.<\/p>\n
And, like the Hive victims here, when you talk to us in advance\u2014as so many others have\u2014you\u2019ll know how we operate: quickly and quietly, giving you the assistance, intelligence, and technical information you want and need.<\/p>\n
Unfortunately, during these past seven months, we found that only about 20% of Hive\u2019s victims reported potential issues to law enforcement.\u00a0Here, fortunately, we were still able to identify and help many victims who didn\u2019t report in. But that is not always the case.\u00a0When victims report attacks to us, we can help them\u2014and others, too.<\/p>\n
Today\u2019s announcement is only the beginning. We\u2019ll continue gathering evidence, building out our map of Hive developers, administrators, and affiliates, and using that knowledge to drive arrests, seizures, and other operations, whether by the FBI or our partners here and abroad.<\/p>\n
While this is, yes, a fight to protect our country, our citizens, and our national security, make no mistake\u2014the fight for cybersecurity spans the globe.\u00a0But the FBI\u2019s presence and partnerships do, too.<\/p>\n
So, a reminder to cybercriminals:\u00a0No matter where you are, and no matter how much you try to twist and turn to cover your tracks\u2014your infrastructure, your criminal associates, your money, and your liberty are all at risk.\u00a0 And there will be consequences.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
New York- Free Yemen Eye – From News -FBI Director Christopher Wray\u2019s Remarks at Press Conference Announcing the Disruption of the Hive Ransomware Group I\u2019m pleased to represent the FBI here today and speak about our year-and-a-half-long disruption campaign against the Hive ransomware group. Hive hurt thousands of victims across the country and around the …<\/p>\n","protected":false},"author":4,"featured_media":93391,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50],"tags":[],"class_list":["post-93390","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-diverse-news"],"_links":{"self":[{"href":"https:\/\/fye-yemen.net\/index.php?rest_route=\/wp\/v2\/posts\/93390","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fye-yemen.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fye-yemen.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fye-yemen.net\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/fye-yemen.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=93390"}],"version-history":[{"count":0,"href":"https:\/\/fye-yemen.net\/index.php?rest_route=\/wp\/v2\/posts\/93390\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fye-yemen.net\/index.php?rest_route=\/wp\/v2\/media\/93391"}],"wp:attachment":[{"href":"https:\/\/fye-yemen.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=93390"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fye-yemen.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=93390"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fye-yemen.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=93390"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}