NCA helps shut down $100m ransomware threat

Posted on 27 January, 2023 by Advance 

An international operation involving the National Crime Agency (NCA) has taken down a ransomware service used by cyber criminals to attack and extort businesses across the globe.


Image of the hive splash picture used online.
Courtesy NCA

The activity, led by the FBI and German law enforcement and supported by NCA cyber crime investigators, saw servers of the HIVE strand of ransomware taken offline yesterday.

Anyone attempting to access HIVE infrastructure will now be met with a law enforcement splash page, explaining that the network has been seized and is no longer available for use.

HIVE was available to purchase on the dark web and enabled criminals to launch ransomware attacks on their targets.

It would usually be sent to victims as an attachment to a phishing email which, when opened, would infect their computers and encrypt their systems until a ransom payment was made.

Victim organisations failing to pay could have their data published.

Since June 2021, the HIVE ransomware group has targeted more than 1,300 victims around the world and received more than $100 million in ransom payments.

The FBI developed the capability to circumvent HIVE encryption and NCA cyber crime investigators supported a number of victims in the UK to remove the impact of the ransomware from their systems.

HIVE has impacted approximately 50 corporate victims in the UK, including in the housing, haulage, commercial and education sectors, since it was first identified in April 2021.

Other partners involved in the operation include the US Secret Service, Canada, Germany, France, Romania, Lithuania, Sweden, Norway, Portugal, Spain and Ireland.

Paul Foster, Deputy Director of the NCA’s National Cyber Crime Unit, said: “HIVE was a service which enabled cyber criminals to steal millions from businesses across the globe, with several UK organisations suffering significant disruption and financial losses.

“The combined might of international law enforcement, which includes NCA officers, is a tremendous example of action to take down illegal IT infrastructure.

“We continue to work closely with partners to bolster our capability to tackle this national security threat and strengthen the UK’s response to cyber crime.

“I would urge any businesses that may have been a victim of cyber-crime to come forward and report such incidents to law enforcement.”