Hive’s infrastructure is down. Europol claims the ransomware group was tackled by a partnership of Dutch, German and US authorities.
“The FBI seized this site as part of a coordinated law enforcement action”, reads the banner referred to by Hive’s website since Thursday. The statement is signed by multiple government agencies, including the German Bundeskriminalamt (BKA).
Europol claims that the ransomware group’s infrastructure was taken down by German, Dutch and US authorities in a statement. The law enforcement agency did not specify which parts of the infrastructure were hit, but reports from the industry give an idea.
According to Cybernews, authorities seized both the website and one of Hive’s APIs. Security team SOS Intelligence suggests that Hive’s entire frontend has been wiped.
In November 2022, the FBI alleged that Hive was partly responsible for ransomware attacks on more than 1,300 companies worldwide. Hive operates a ransomware-as-service model whereby developers maintain malware and provide it as a service to partners who carry out attacks.
It’s unclear whether the locations and identities of the ransomware group’s members are known to authorities at this time. An insider source told Bloomberg that the responsible agencies will release statements about the operation later today.
The takedown is undoubtedly a blow to partners and members of Hive. It does not, however, guarantee that the cybercriminals will be stopped. It’s common for large ransomware groups to reorganize under a new name when their infrastructure is seized.
Tip: Diary of a ransomware attack: attack, recovery, best practices