The FBI infiltrated notorious ransomware group Hive, which has targeted hospitals across the U.S., according to a report from the Justice Department.
The FBI penetrated Hive's computer networks last July and gave decryption keys to 300 victims worldwide, and more than 1,000 additional decryption keys for previous attack victims.
"In a 21st century cyber stakeout, our investigative team turned the tables on Hive, swiping their decryption keys, passing them to victims, and ultimately averting more than $130 million dollars in ransomware payments. We will continue to strike back against cybercrime using any means possible and place victims at the center of our efforts to mitigate the cyber threat," said Lisa Monaco, deputy attorney general.
The FBI seized the servers Hive used to store critical information and have taken control of Hive's darknet sites, according to a statement from Attorney General Merrick Garland.
Before the operation, Hive attacked more than 1,500 organizations and collected $100 million in payments. Hive would encrypt the data and threaten to release copies of the data online in a double-extortion model, according to the American Hospital Association.
"The disruption and dismantlement of the notorious Hive ransomware operation by the FBI, the Department of Justice and international partners is welcome news and will no doubt help make hospitals safer against high-impact ransomware attacks that have disrupted health care’s delivery and risked patient safety," said John Riggi, AHA's national advisor for cybersecurity and risk.
In at least one case, a hospital hit by Hive's ransomware reverted to paper records and reported slower patient care. In another case the FBI disrupted Hive's attack on a Louisiana hospital and saved the hospital from a $3 million payment.