Ransomware attacks, in which hackers encrypt a computer system and then extort victims to pay up or risk losing access to their data, have harmed targets ranging from individuals to powerful entities. Victims have included large companies such as the meat supplier JBS, major infrastructure such as the Colonial Pipeline and entire countries such as Costa Rica. Last week the Department of Justice announced some rare good news about this criminal industry: The FBI infiltrated a major ransomware group called Hive and obtained its decryption keys. These keys let the ransomware victims recover their data without paying the demanded fee. The FBI’s work helped affected parties avoid paying $130 million. Afterward American law enforcement worked with international partners to seize Hive’s servers and take down its website.
According to the official DOJ announcement, Hive has been a major player in the ransomware space since June 2021, attacking more than 1,500 victims in more than 80 countries and extorting more than $100 million. “I would say that’s up there with the largest ransomware groups that we’ve got data on, in terms of how many organizations have been impacted and how much money is being paid out,” says Josephine Wolff, an associate professor of cybersecurity policy at Tufts University. Scientific American spoke with Wolff about how the FBI took down Hive and how much of an impact this law-enforcement operation will have on other ransomware criminals.
[An edited transcript of the interview follows.]
What action did the FBI take against Hive?
There are two parts of this, both of which are really interesting. The first thing that law enforcement did is it actually infiltrated their internal communications for a period of several months—we think going back to [last] summer, based on what the Justice Department has said. And because [law enforcement was] inside their computers and able to see who they had infected and, more importantly, what the decryption keys were to undo that ransomware, the Justice Department has said [it was] able to help lots of victims who had been targeted and actually unencrypt their systems by essentially stealing those decryption keys from the Hive servers, without Hive’s knowledge of what was going on. So, for months, you had an undercover presence in those servers of law enforcement, taking decryption keys and giving them to victims so that they can recover their computers.
The second part of that, which…