DOJ takes down ransomware culprit Hive, which hit businesses in Harvey, downstate Illinois


CHICAGO (CBS) -- One of the most notorious ransomware groups that has wreaked havoc across the world has gone dark for now.

The FBI announced Thursday it infiltrated the network used by the so-called "Hive" group. CBS 2 has learned some of their victims are from the Chicago area.

CBS 2's Andrew Ramos has the details on the major FBI announcement.

From schools to hospitals and financial firms, the U.S. Department of Justice said Hive targeted more than 1,500 entities in over 80 countries, receiving over $100 million in ransom payments.

The FBI's cyber takedown, experts say, is just a temporary fix on what continues to be a widespread problem.

"This hidden site has been seized." It's the message now plastered on the front of the dark web website once operated by the ransomware gang known as "Hive."

It's the outcome of a months-long disruption campaign spearheaded by the Department of Justice, where they penetrated the group's networks, pressing pause on their tactics.

"First, they infiltrate a victim's system, install sensitive data. Next, the affiliates deployed malicious software, encrypting the victim's system, rendering it unusable," said Attorney General Merrick Garland.

After paralyzing the system, they would demand millions in ransom. The DOJ managed to thwart recent efforts to collect $130 million in ransom payments. The usual targets, experts say, aren't always carrying the big bucks.

"A majority of our ransomware victims are actually small businesses," said Crane Hassold of Abnormal Security.

Two of the three known victims linked to Hive cyberattacks in Illinois were small businesses, according to data provided by cyber security software company Abnormal Security.

Agri-Fab, a lawn care company in Decatur, and Hydro-Gear, a manufacturing company based in downstate Sullivan, suffered data breaches at the hands of Hive.

It was the same for a third victim, Family Christian Health Center in Harvey, where 31,000 individuals were impacted.

"When you are talking about something like a legal firm or a healthcare company, then you start getting into likely actual sensitive information," said Hassold.

One of those significant cases happened in August 2021, when Hive unleashed malicious software at several Midwest hospitals, forcing them to turn away patients as COVID cases surged.

It's important to note that no arrests were made in the government's takedown.

Taking action against those responsible for these cyberattacks has become an uphill battle for law enforcement, as many believe a vast majority of them are operating in foreign countries like Russia. 
