Hive ransomware group was not your average crime syndicate. Formed by a conglomeration of elite hacking teams, instead of scattered individuals, the group operated more like a parent company, licensing out its ransomware to subsidiaries worldwide. The operation was professional, and its ransomware interface was easy to use, complete with a username and password login for victims and a live chat option with the hackers. They even had a logo. Yet, behind this sanitized facade, the crimes were still ruthless. The group targeted 1,500 entities in 80 countries, including schools and financial firms. The hackers broke into networks via phishing, virtual private networks (VPNs), and other methods, keeping an organization’s data hostage through encryption and threatening to publish it publicly if the victims didn’t send a ransom in crypto. At the height of the pandemic, the hackers’ favorite targets were health care facilities. Most were so overrun with patients that they had no choice but to pay. One hospital in particular had to treat patients with analog methods and couldn’t accept new patients because of a Hive ransomware attack, according to the Department of Justice. Beginning in June 2021, the group extorted ransoms totaling $100 million—a figure that could’ve been much higher if it weren’t for the FBI, which in July 2022 infiltrated Hive’s computer networks, poking around for seven months undetected as agents helped victims and gathered evidence.
Full story: How the FBI prevented $130 million in crypto ransomware attacks by hacking the hackers behind Hive.