cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

FBI takes down servers and websites belonging to Hive ransomware group

After a six-month-long operation, the Federal Bureau of Investigation has scored a big win in the fight against ransomware.

user icon David Hollingworth
Fri, 27 Jan 2023
FBI takes down servers and websites belonging to Hive ransomware group
expand image

Overnight, the FBI announced that it had taken control of websites and servers used by the Hive ransomware gang. The FBI worked with the German Federal Criminal Police and Reutlingen Police Headquarters-CID Esslingen, as well as the Netherlands National High Tech Crime Unit.

Both the group’s dedicated leak site, where it publishes the data of victims who refuse to pay, and a negotiation portal were taken down.

In the months leading up to the takedown operation, the FBI had also successfully infiltrated Hive’s own networks and had been able to secure the operation’s encryption keys. These were shared with Hive’s victims, allowing them to recover data without paying expensive ransoms. A total 300 keys were shared with victims undergoing current attacks, and a further thousand with previous victims.


Hive has been in operation since June 2021, both on its own behalf and offering ransomware-as-a-service. The group and its affiliates have attacked over 1,500 companies globally and made more than US$100 million in ransoms.

The FBI’s efforts to secure encryption keys have saved victims US$130 million.

FBI Director Christopher Wray is proud of the agency’s efforts.

“The coordinated disruption of Hive’s computer networks, following months of decrypting victims around the world, shows what we can accomplish by combining a relentless search for useful technical information to share with victims with investigation aimed at developing operations that hit our adversaries hard,” Wray said in an announcement. “The FBI will continue to leverage our intelligence and law enforcement tools, global presence, and partnerships to counter cyber criminals who target American business and organisations.

“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” said Attorney General Merrick B Garland. “Cyber crime is a constantly evolving threat. But as I have said before, the Justice Department will spare no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack.

“We will continue to work both to prevent these attacks and to provide support to victims who have been targeted. And together with our international partners, we will continue to disrupt the criminal networks that deploy these attacks.”

Deputy Attorney General Lisa O Monaco probably had the best comment on the outcome, however: “Simply put, using lawful means, we hacked the hackers.”

“The seizure of both the [dedicated leak site] and victim negotiation portal is a major setback to the adversary’s operations,” said Adam Meyers, head of intelligence, at CrowdStrike. “Without access to either site, Hive affiliates will have to rely on other means of communication with their victims and will have to find alternate ways to publicly post victim data.”

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.