Image: Dzelat / Shutterstock

After a months-long covert operation, the US Justice Department (DOJ) and its international partners have taken down an international ransomware network known as Hive, the agency announced Thursday. Since 2021, the Hive ransomware group has targeted more than 1,500 victims around the world, securing more than$100 million in ransom payments from hospitals, school districts, financial firms, and other entities. 

Also: 3 security gadgets I never leave home without

To dismantle the Hive network, the Justice Department operated a "21st century cyber stakeout", according to Deputy Attorney General Lisa O. Monaco.

Recommends

How the top VPNs compare: Plus, should you try a free VPN?

We tested the best VPN services -- focusing on the number of servers, ability to unlock streaming services, and more -- to determine a No. 1 overall. Plus, we tell you whether free VPNs are worth trying.

Read now

"Our investigative team turned the tables on Hive, swiping their decryption keys, passing them to victims, and ultimately averting more than$130 million dollars in ransomware payments," she said in a statement. 

The FBI first penetrated Hive's computer networks in July 2022. During the operation, the agency managed to secure more than 300 decryption keys for Hive victims who were under attack. It also retrieved more than 1,000 additional decryption keys for prior Hive victims. By capturing those decryption keys, the FBI saved victims from having to pay$130 million in ransom demanded. 

On Thursday, the DOJ worked with German and Dutch law enforcement to seize control of the servers and websites that Hive used to communicate with its members.

Also: NSA and CISA alert: This phishing scam could give hackers control of your PC

Hive used a ransomware-as-a-service model. Hive's "developers" or "administrators" would develop a ransomware strain and then recruit "affiliates" who could deploy it against victims. The "affiliates" would steal sensitive data from victims and also encrypt the victim's systems. 

After a victim paid the hackers to get their stolen data back -- as well as a decryption key necessary to decrypt their system -- the affiliates and Hive administrators would split the ransom 80/20. If a victim didn't pay, their data was published on the Hive Leak Site.

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next

• 8 habits of highly secure remote workers
• How to find and remove spyware from your phone
• The best VPN services: How do the top 5 compare?
• How to find out if you are involved in a data breach -- and what to do next