An operation coordinated by the European Union Agency for Law Enforcement Cooperation (Europol) has dismantled the infrastructure of the cybercrime network known as “Hive”, which specialises in stealing and encrypting victims’ files and demanding a ransom for them. The group has attacked more than 1,300 organisations worldwide, including large and small businesses, public institutions, critical-infrastructure IT systems, and even hospitals and healthcare facilities.
Officers of the Spanish National Police took part in an investigation coordinated by Europol that also involved the FBI and 17 other European law-enforcement agencies, the National Police said in a statement. Spanish involvement began in October 2021, after a company reported that it had been the victim of one of the data-theft-and-extortion attacks known as ransomware. Once the officers established that the attack came from Hive, one of the most active international cybercrime groups of recent years, they joined a European task force set up to track the group down.
Hive operated under the model known as “ransomware as a service”: the group that develops the malware does not launch it against companies or institutions itself, but rents it out to third parties. It is these third parties, known as “affiliates”, who carry out the attacks, bringing their own knowledge of local organisations and their weak points.
The investigation allowed law enforcement to locate the main servers Hive used to support its attacks. Seizing them yielded the keys needed to decrypt the files encrypted in the group’s recent attacks, allowing companies to recover their data without paying the ransom demanded by the criminals; according to estimates by Europol and the FBI, the ransom payments avoided in this way amount to around 120 million euros. The statement, however, made no mention of any arrests.
“Last year, the Hive ransomware was a serious cyber threat used to compromise and encrypt the data and computer systems of large multinational companies in the EU and the US. In particular, since June 2021, more than 1,500 companies from more than 80 countries around the world have fallen victim to this ransomware and lost around 100 million euros in ransoms,” the police explained, recalling that one of the group’s most serious attacks paralysed a hospital’s computer systems in the middle of the pandemic.
“Affiliates attacked companies in different ways. Some Hive actors gained access to victims’ networks by using compromised single-factor credentials for remote desktop access, virtual private networks and other remote network connection protocols. In other cases, they bypassed multi-factor authentication and gained access by exploiting vulnerabilities. Finally, they also gained initial access to victims’ networks through phishing emails with malicious attachments,” the statement concludes.
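A check a defender would run against the first of those vectors, added here as an illustration and not taken from the article or from any Europol or FBI material: scan Windows Security logon events for interactive remote-desktop sessions (event 4624 with logon type 10) that originate outside the organisation’s own address ranges, and record how many failed logons (event 4625) preceded each one from the same user and source, the signature of a password-guessing attack that ends with a stolen or guessed single-factor credential. The event records, the trusted network list and the tuple layout of the records are constructed assumptions for the example.

```python
"""Flag remote-desktop logons that reach a host from outside the corporate
address space. Added example, not code from the article or from any
law-enforcement source. The records below are constructed: each tuple is a
minimal rendering of a Windows Security event
(event_id, logon_type, account, source_ip, host), where event 4624 is a
successful logon, 4625 a failed one, and logon type 10 is RemoteInteractive
(RDP)."""

import ipaddress
from collections import defaultdict

# Assumption: these are the LAN and VPN ranges from which RDP is expected.
# Anything else reaching RDP directly means the service is Internet-exposed.
TRUSTED_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    (4625, 10, "svc_backup", "203.0.113.45", "FILESRV01"),  # failed RDP
    (4625, 10, "svc_backup", "203.0.113.45", "FILESRV01"),  # failed RDP
    (4624, 10, "svc_backup", "203.0.113.45", "FILESRV01"),  # success after 2 fails
    (4624, 10, "jdoe", "10.20.4.17", "WS-0042"),            # RDP from the LAN
    (4624, 3, "jdoe", "198.51.100.9", "FILESRV01"),         # network logon, not RDP
    (4624, 10, "admin", "198.51.100.77", "DC01"),           # RDP from the Internet
]


def is_trusted(source_ip: str) -> bool:
    """True if the source address lies inside one of TRUSTED_NETS."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in TRUSTED_NETS)


def rdp_logons_from_untrusted(events):
    """Return successful RDP logons (4624, type 10) whose source is outside
    TRUSTED_NETS. Each hit carries the number of failed logons (4625) already
    seen for the same (account, source) pair, so a guessed password shows up
    as a success preceded by failures."""
    failures = defaultdict(int)
    hits = []
    for event_id, logon_type, account, source_ip, host in events:
        # Only interactive remote-desktop sessions from untrusted sources matter here.
        if logon_type != 10 or is_trusted(source_ip):
            continue
        key = (account, source_ip)
        if event_id == 4625:
            failures[key] += 1
        elif event_id == 4624:
            hits.append({
                "account": account,
                "source_ip": source_ip,
                "host": host,
                "prior_failures": failures[key],
            })
    return hits


if __name__ == "__main__":
    for hit in rdp_logons_from_untrusted(SAMPLE_EVENTS):
        print(f"RDP logon on {hit['host']} as {hit['account']} "
              f"from {hit['source_ip']} after {hit['prior_failures']} failure(s)")
```

On the constructed sample this reports two sessions: `svc_backup` on FILESRV01 from 203.0.113.45 after two failures, and `admin` on DC01 from 198.51.100.77 with none. The LAN session and the non-interactive network logon are ignored. In a real deployment the tuples would come from the Security event log (`Get-WinEvent` or a SIEM export) and any hit is worth treating as an incident until the session is explained, because a single-factor RDP service reachable from the Internet is exactly the exposure the statement describes.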
Source: El Diario