Threat Management

FBI’s takedown of Hive ransomware operation detailed

Share

Nearly seven months have been spent by the FBI within the servers of the Hive ransomware operation, with FBI Cyber Criminal Operations Section Chief Bryan Smith noting that decryption key generation had been prioritized upon initial access before proceeding to dismantle the ransomware gang in January, reports The Record, a news site by cybersecurity firm Recorded Future. Smith said that the FBI proceeded with providing decryptors to Hive ransomware's victims after deeming it a way to disrupt its operations. "If we could prevent them from getting revenue, it made it so that their business would not be a going concern. And it would also then benefit the victims out there. So we really have taken a victim-centric approach to how and when we push out the decryption," Smith said, adding that the FBI assigned leads to hand out decryptors to U.S.-based victims, while seeking the assistance of legal attaches to distribute decryption keys for those in other countries, helping avert $130 million in ransomware payments.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.