The DOJ stated that it conducted the operation with the help of German law enforcement (the German Federal Criminal Police and Reutlingen Police Headquarters-CID Esslingen) and the Netherlands National High Tech Crime Unit.

Over $100M Extorted From 1,500 Victims

The department said that since June 2021, the group has targeted more than 1,500 victims worldwide and received over $100 million in crypto ransom payments.

According to the DOJ, the Federal Bureau of Investigation (FBI) executed a months-long disruption campaign against the group and infiltrated Hive’s network in July 2022. The Justice Department added that after successfully infiltrating the group’s network, it captured their decryption keys and offered them to victims worldwide, preventing them from paying the $130 million in crypto ransom demanded.

“Since infiltrating Hive’s network in July 2022, the FBI has provided over 300 decryption keys to Hive victims who were under attack. In addition, the FBI distributed over 1,000 additional decryption keys to previous Hive victims,” the DOJ said.

A Subscription-Based Model

Ransomware is malicious software (malware) that threatens to publish or block access to a victim’s personal data (usually by encrypting it) unless a ransom is paid off.

According to the DOJ, Hive used a subscription-based model called ransomware-as-a-service (RaaS) to “develop a ransomware strain and create an easy-to-use interface with which to operate it and then recruit affiliates to deploy the ransomware against victims.”

“Affiliates identified targets and deployed this readymade malicious software to attack victims and then earned a percentage of each successful ransom payment,” the department added.

Meanwhile, the DOJ announcement comes as revenue from ransomware has significantly reduced. According to a recent report by blockchain analytics firm Chainalysis, ransomware attackers extorted approximately $456.8 million from victims in 2022, down from $765.6 million the year prior.

However, that does not mean ransomware attacks have reduced, or at least not as much as the decline in payments suggests. Instead, “much of the decline is due to victim organisations increasingly refusing to pay ransomware attackers,” the report said.

~ By William A. Frederick ~