
US DOJ busts ransomware hive, saves victims $130 million in ransom

By Joy LePree Anderson
Image: FBI Director Christopher Wray (via FBI/DOJ)

January 27, 2023

Yesterday, the U.S. Department of Justice (DOJ) announced the infiltration of the Hive ransomware group that has targeted more than 1,500 victims, including hospitals, school districts, financial firms and critical infrastructure, in over 80 countries. Since July 2022, the Federal Bureau of Investigation (FBI) has worked to penetrate Hive’s computer networks and capture over 300 decryption keys, offering them to victims around the world who were under attack, thwarting over $130 million in ransom demands, according to FBI Director Christopher Wray. Hive is thought to operate as one of the top-five ransomware networks and has heavily focused on healthcare facilities as targets.

According to the government, yesterday’s operation successfully disrupted a Hive ransomware attack on a Louisiana hospital, saving the victim from paying $3 million in ransom, and prevented another attack that targeted a Texas school.

In addition, the department was able to capture and distribute over 1,000 additional decryption keys to previous Hive victims. And, working with German and Dutch law enforcement, the FBI seized control of the servers and websites that Hive used to communicate with its members, disrupting Hive’s ability to attack and extort additional victims.

Hive used a ransomware-as-a-service (RaaS) model featuring administrators and affiliates: the administrators develop a ransomware strain, create an easy-to-use interface to operate it and then recruit affiliates to deploy the ransomware against victims. Affiliates identified targets and deployed the malicious software to attack victims and then earned a percentage of each ransom payment, DOJ officials explain.

Hive actors favored a double-extortion model of attack where, before encrypting the victim's system, the affiliate would exfiltrate sensitive data. The affiliate then sought a ransom for both the decryption key needed to unlock the victim’s system and a promise not to publish the stolen data. Hive actors frequently targeted the most sensitive data in a victim’s system to increase the pressure to pay. After a victim paid, affiliates and administrators split the ransom 80/20. If victims did not pay, Hive published their data on the Hive Leak Site.

According to the DOJ, these Hive ransomware attacks have caused major disruptions in victims’ daily operations and negatively impacted responses to the COVID-19 pandemic. In one case, a hospital attacked by Hive ransomware had to resort to analog methods to treat existing patients and was unable to accept new patients immediately following the attack. Since June 2021, Hive has targeted more than 1,500 victims globally and received more than $100 million in ransom payments.

Security experts weigh in

Security experts have commended the government’s action. “In cybersecurity, there is a tendency to be on one's heels from a defensive posturing standpoint. Concentrated offensive actions such as this expansive takedown not only disrupt the criminal crew's immediate activities, but also compromise their overall operation by obtaining the encryption keys to stolen data,” explains Tim Morris, Chief Security Advisor, AMER, with Tanium. “This could lead to the recovery of data previously thought lost or inaccessible, which is a significant victory for authorities. While it's unlikely to make all victims whole, even a partial recovery of data is promising. Obtaining the keys is one of the biggest wins in this case by far.”

Yet experts remind organizations that the threat is ongoing and urge them to take action to protect sensitive data from ransomware attacks. “What is a significant win for law enforcement could in reality be just a road bump for the Hive ransomware group,” explains Jan Lovmand, CTO, with BullWall. “Whenever law enforcement starts paying significant attention and effort to a particular group, they often scatter or reorganize under a different name. We have seen these seizes before, only for the gang to surface with new extortion sites and ransomware names or sometimes as several smaller groups.”

Lovmand continues: “In the past they have seen these interruptions as temporary setbacks to a very lucrative business — similar to when a drug cartel has a shipment seized. They lose some income, get disrupted, but rarely stop their criminal activity to become honest working individuals. Law enforcement in several regions have, in the past, recovered ransoms paid from other gangs or seized decryption keys, but what is different this time is how many victims the FBI has been able to help and for how long.”

Duncan Greatwood, CEO of Xage Security, says, “The year has started off with a bang with critical infrastructure attacks — both physical and cyber — at an all-time high. Why? Critical infrastructure attacks result in widespread impacts, draw international attention and increase the success of a ransomware payout. Every second of downtime at energy, utilities, hospitals and other critical infrastructure around the world can leave communities stranded and even cost lives, forcing parties to respond quickly.”

Greatwood continues: “Today’s announcement is a win for the DOJ and I applaud their efforts but we also need to be realistic. Adversaries are smart and this win is bound to be short-lived. If we don’t shift our mindset and find ways to not only stop them, but also prevent them from getting access in the first place, we’ll continue to see these attacks succeed. Adversaries are always one step ahead and bound to already be searching for new ways to break through and impact our day-to-day lives in order to achieve their goals. It’s paramount that critical infrastructure operators embrace the latest technology and security measures to go beyond just detecting and reacting to these attacks and instead prevent them by blocking them at the source.”


Joy LePree Anderson is a former Associate Editor of Security magazine.
