Breaking The Hive causes a digital hiccup for cybercriminals

The seizing of Hive ransomware gang’s sites and decryption keys comes as no surprise.

Image: © AFP

The U.S. Department of Justice and Europol have announced that an international law enforcement operation secretly infiltrated and seized the Hive ransomware gang’s infrastructure. Hive ransomware has caused havoc across many major systems, where it was used to compromise and encrypt victims’ data and computer systems.

Since 2022, Hive ransomware attacks have caused major disruptions to victims’ daily operations around the world and affected responses to the COVID-19 pandemic.

Terry Olaes, Senior Technical Director at Skybox Security, outlines the significance of this covert cyber-espionage operation to Digital Journal.

According to Olaes: “The seizing of Hive ransomware gang’s sites and decryption keys comes as no surprise, as the prolific group had received over $100 million in ransom payments from more than 1,300 victims since they were initially discovered in June 2021.”

Outlining the process further, Olaes observes: “In November 2022, the FBI, the CISA and HHS issued a joint #StopRansomware advisory when the group gained access to victim networks by distributing phishing emails with malicious attachments through the exploitation of Microsoft Exchange Server vulnerabilities.”

Highlighting the importance of international cooperation, Olaes expands: “Through the U.S. and European law enforcement agencies’ operation, they were able to warn targets of impending attacks, learn about them beforehand, and obtain and disseminate decryption keys to victims, saving the victims $130 million in ransom payments.”

In terms of the significance of the operation, Olaes spells this out: “Skybox Research Lab found that ransomware programs increased by 42 percent in 2021. While assessing the gravity of vulnerabilities, it is essential to prioritize network accessibility, exposure, exploitability and commercial effect.”

Continuing with the significance, Olaes says: “Additionally, the Hive ransomware gang’s abilities serve as an important reminder of the serious financial losses that could result from ransomware gangs targeting businesses.”

Drawing on the salient lessons, Olaes explains: “Protecting enterprises requires that the attack surface is defined, risk measurement can include multiple factors like tools that can measure the financial effect of cyber risks on businesses and a quantification approach that will enable organizations to recognize and rank hazards according to their financial consequences.”

As a further recommendation, Olaes puts forward: “Establishing exposure-based risk scores to help prioritize the urgency of vulnerability remediation can greatly improve the maturity of vulnerability management programs and will assure rapid recovery.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist and an author. He is also interested in history, politics and current affairs.
