The FBI has infiltrated and disrupted a major cybercriminal group that extorted schools, hospitals and critical infrastructure around the world, a law enforcement official told NBC News.
Hive, one of the most prolific hacker gangs in the world, had received about $100 million in extortion payments, according to a November warning from the FBI, Health and Human Services and the Cybersecurity and Infrastructure Security Agency. As of Thursday morning, its website on the dark web showed a message saying it had been seized by an international law enforcement coalition, including the FBI and Justice Department.
The FBI had secretly gained access to Hive’s network for months and provided victims keys to unlock their data, the law enforcement official said.
Ransomware hackers extort victims by hacking into an organization, then either encrypting its files, which renders computers unusable, or stealing those files and threatening to leak them. Previous ransomware attacks have resulted in the release of sensitive information about law enforcement officers and schoolchildren.
The takedown is a rare victory against a ransomware gang. Such groups often act with near-impunity in attacking targets in the U.S. and around the world.
Ransomware gangs are often decentralized, with affiliate members who can be scattered around the world. But as is often the case with such groups, Hive’s core group spoke Russian, said Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future.
Russia does not extradite its citizens, and the White House has struggled to convince the Kremlin to take action against its international cybercriminals.
The Treasury Department has estimated that in 2021, the most recent year for which it has public data, ransomware attacks cost U.S. organizations $886 million.