FBI Seizes Hive Ransomware Group’s Website

Jan. 26, 2023
On Jan. 26, AG Garland and FBI Director Wray held a news conference regarding the seizure of the Hive ransomware group’s website—vice president of security services at Clearwater comments on the news to Healthcare Innovation

On Jan. 26, the FBI announced that it had seized the Hive ransomware group’s website. The Hive ransomware group was first observed in June 2021.

An article from CNN by Sean Lyngaas says that “The FBI has seized the computer infrastructure used by a notorious ransomware gang which has extorted more than $100 million from hospitals, schools and other victims around the world, U.S. officials announced Thursday.”

Further, “FBI officials since July have had extraordinary access to the so-called Hive ransomware group’s computer networks, FBI Director Christopher Wray said at a news conference, allowing the bureau to pass computer ‘keys’ to victims so that they could decrypt their systems and thwart $130 million in ransom payments.”

Healthcare Innovation has covered multiple instances of Hive’s attacks on the healthcare sector, including on Sept. 3, 2021, when we reported that the FBI had released an alert about the malicious Hive ransomware, the same group that took down Memorial Health System on Aug. 15.

On March 31, 2022, we reported that the Hive ransomware group had posted on its dark web site that it had stolen 850,000 personally identifiable information (PII) records from the Partnership HealthPlan of California.

During the news conference the morning of Jan. 26 at the Justice Department, Attorney General Merrick Garland and FBI Director Christopher Wray addressed the seizure. Wray said that “I'm pleased to be here today to represent the FBI to speak about a year and a half long disruption campaign against the hybrid software. I've heard thousands of victims across the country and around the world until the FBI and our partners disrupted helping their victims decrypt their networks without Hive catching on and then today dismantling Hive’s front- and back-end infrastructure in the U.S.”

“This operation was led by our Tampa field office, assisted by our cyber division team at FBI headquarters and other field office personnel around the country, but also by FBI personnel stationed around the world who led the collaboration with our foreign law enforcement partners, often shoulder to shoulder scrutinizing the same data that was essential to today's success,” he added. “Especially the fine work of the German ruling and police headquarters, the German Federal Criminal Police, the Netherlands National High Tech Crime Unit, and Interpol. This coordinated disruption of Hive’s networks illustrates the power of collaboration between the FBI and our international partners.”

Wray stated, “The FBI strategy to combat ransomware leverages both our law enforcement and intelligence authorities to go after the whole cybercrime ecosystem: the actors, the finances, their communications, their malware, and their supporting infrastructure. And since 2021, that is exactly how we've hit high ransom. Last July, FBI Tampa gained clandestine persistent access to Hive’s control. And since then, for the past seven months, we've been able to exploit that access to help victims while keeping Hive in the dark, using that access to identify Hive’s victims and to offer over 1,300 victims around the world keys to decrypt their infected networks, preventing at least $130 million in ransom payments and cutting off the gas that's fueling Hive’s fire.”

Wray attributed the success in getting decryption keys to victims to the combined technical expertise across the FBI’s cyber program.

Wray said, regarding specific instances of Hive’s attacks, “In another instance, an FBI case agent and computer scientist rushed to provide hands-on support to a local specialty clinic and helped the doctor, who also managed that clinic's IT security, identify his office's vulnerabilities and deploy his decryption key, because no victim is too small.”

Wray said that “today’s lesson” for businesses large and small, including hospitals, is to introduce yourself to your local FBI field office so you know whom to call if you become a victim of a cyberattack. The FBI is prepared to help organizations build a crisis response plan so that if your organization does get hit, you are prepared.

Wray concluded, “We're going to continue gathering evidence, building out our map of the Hive developers, administrators, and affiliates, and using that knowledge to drive arrests, seizures, and other operations, whether by the FBI or other partners here and abroad. And while this is, yes, a fight to protect our country, our citizens, and our national security, make no mistake, the fight for cybersecurity spans the FBI presence and partnership as well. A reminder to cyber criminals: no matter where you are and no matter how much you can talk, try to twist and turn to cover your tracks, your infrastructure, your criminal associates, your money, and your liberty are at risk and there be constantly.”

Dave Bailey, vice president of security services at Clearwater said in a statement to Healthcare Innovation, “The news that the FBI seized the website used by the notorious ransomware gang is promising in the fight against today’s adversarial threats. Having a sound understanding of the adversary, how they conduct their attacks, and tools and techniques they use to extort their victims will be helpful in bolstering our defenses. Now is not the time to take our foot off the pedal in securing our data, protecting our patients, and ensuring we minimize the impacts to these types of disruptive and potentially destructive attacks. It would not be surprising if retaliation takes place by another group in response to the FBI takedown and now there are many additional groups and actors who are capable of executing attacks on the healthcare industry. Great job by the home team and let’s continue our vigilance in this continuous fight.”
