The end of the ransomware group HIVE also marked the start of new investigation methods: once authorities infiltrate a hacker gang, paying the ransom is no longer the victims' only option. The air is getting thinner for APT gangs.
A few weeks ago, German and US authorities (Baden-Württemberg police, FBI and Secret Service) in cooperation with other European security authorities smashed the "Hive" hacker network after a joint investigation. A comment by Lothar Geuenich, VP Central Europe / DACH at Check Point.
HIVE: Perpetrators fear – victims hope
It's a victory that should be celebrated. Apparently, the group had already extorted around 100 million euros from more than 1500 companies and organizations (70 of them in Germany) through ransomware attacks. By stealthily infiltrating the hackers, the authorities have been able to pass the decryption keys to over 300 ransomware victims since July, allowing them to recover their data and preventing almost €120 million worth of ransom payments.
So much for the facts. It is true that these gangs often reform under different names or split into other groups. However, this action sends an important message and has likely shocked some ransomware groups, since they cannot know whether their own gang is being monitored as well. No arrests have been announced so far and the investigation is ongoing. Bear in mind that the perpetrators were observed by the authorities for more than half a year without their knowledge. So it will be interesting to see what happens to the players connected to Hive.
HIVE infiltrated and hacked by authorities
It is also interesting that the investigators - in a coordinated prosecution and by legal means - hacked into Hive's systems and also secretly helped the victims by giving them the decryption keys. All while at Hive the "daily business" went on as normal. It can be expected that we will read more about such digital investigative methods in the future, as they are quicker and easier to carry out than using traditional methods to track down and arrest cybercriminals - especially when you consider the limits of international law enforcement.
Other ransomware groups now have to reckon with the fact that their victims will receive the decryption keys and their "operations" will come to an early end. Withholding the keys is the gangs' only lever against their victims; losing it immediately deprives them of the basis of the data-extortion business. It also sends the message that the authorities use the same methods as the perpetrators to conduct operations and disrupt cybercriminals.
Businesses trust the authorities
With help from law enforcement, victims may not have to pay the ransomware gangs at all, which could encourage more companies to come forward when faced with an attack. In the best-case scenario, fewer companies will pay criminals once they see successful investigations like the breakup of the Hive group.
Admittedly, this (albeit remarkable) investigative success is not the beginning of the end of the ransomware era. But it sends several important signals to all hacker groups: on the one hand, that law enforcement is increasingly using the digital space and the tactics of the perpetrators to beat them at their own game. On the other hand, the infiltration of the Hive group shows that the international community has recognized that cybercrime requires cross-border investigation and coordination. This tells hackers that they can no longer feel safe launching attacks from abroad without fear of justice. It will be interesting to see which investigations follow - and which hacker group may already have been infiltrated without knowing it.
More at CheckPoint.com
About Check Point
Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry-leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive "one point of control" security management system. Check Point protects over 100,000 businesses of all sizes.