How Offensive Action is Countering Ransomware
Ransomware attacks have crossed a red line for many countries with continued merciless attacks. The threat to national economies and critical infrastructure marked a turning point. Governments are fighting back, and one of the strategies now routinely employed is infiltrating the servers and infrastructure of ransomware gangs. A recent offensive action against a top ransomware gang shows it can be a powerful tool both to rattle ransomware groups and provide real-time help to victims.
The latest occurred last month. Top U.S. prosecutors revealed Jan. 26, 2023, a law enforcement operation involving 13 countries that infiltrated the Hive ransomware group’s infrastructure starting in July 2022. As a top U.S. law enforcement official characterized it: “Simply put, using lawful means, we hacked the hackers.” Hive was one of the most prolific ransomware-as-a-service (RaaS) groups, with affiliates using its ransomware to execute attacks and extort more than 1,500 victims. For seven months, investigators had “clandestine, persistent” access to Hive’s control panel and database. That enabled investigators to swipe decryption keys without Hive’s knowledge and distribute those keys to 336 victims actively under attack. More than 1,000 decryption keys were provided to previous Hive victims, and authorities estimated the action meant US $130 million was not paid to the gang. What does this mean for the Hive gang, and what influence will this action have with respect to the broader ransomware environment?
Read more at Intel471.