Today, the Hive ransomware Tor payment and data leak sites were seized as part of an international law enforcement operation involving the US Department of Justice, FBI, Secret Service, Europol, and Germany’s BKA and Polizei.
The seizure notice on the Tor sites also lists a wide range of other countries involved in the law enforcement operation, including Canada, France, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, and the United Kingdom.
Unlike previous seizure messages used by law enforcement, this image is an animated GIF rotating between a message in English and Russian, likely to be a warning for other ransomware gangs.
“This hidden site has been seized. The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware,” reads the seizure notice.
“This action has been taken in coordination with the United States Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice with substantial assistance from Europol.”
Currently, the FBI has not released any information on the takedown. However, BleepingComputer has learned that the US Department of Justice is announcing the action at 10:30 AM ET.
Who is Hive ransomware?
The Hive cybercriminal gang is run as a ransomware-as-a-service (RaaS) operation that launched in June 2021. They are known to breach organizations through phishing campaigns, exploiting vulnerabilities in internet-exposed devices, and through purchased credentials.
Once they gain access to a corporate network, the threat actors spread laterally to other devices while stealing unencrypted data to be used in double-extortion demands.
When they gain admin access to a Windows domain controller, they deploy their ransomware throughout the network to encrypt all devices.
Unlike many ransomware operations that claim to avoid emergency services and healthcare entities, Hive is not particular about who they target.
The ransomware group is responsible for many victims, including attacks on the non-profit Memorial Health System, retail giant MediaMarkt, Bell Technical Solutions (BTS), Tata Power, and the New York Racing Association.
In November 2022, the FBI stated that the ransomware operation generated approximately $100 million from over a thousand companies since June 2021.