Hive ransomware leak site and decryption keys seized in police sting

Ouch, this could be painful for a notorious group of cybercriminals.

Graham Cluley

Websites used by the Hive ransomware-as-a-service gang to extort ransoms and leak data stolen from corporate victims have been seized in a joint operation involving police around the world.

Law enforcement agencies including Europol, the US Department of Justice, FBI, Secret Service, and Germany’s BKA and Polizei teamed up to shut down the operations of the Hive gang, which is thought to have extorted ransoms from over 1300 companies around the world, amassing an estimated $100 million in the last 18 months.

Hive was a particularly notorious ransomware group because, unlike some of its rivals, it appeared to have no qualms about targeting healthcare institutions.

However, today, if you venture onto the dark web and visit Hive’s leak website, this is what you will see…

THIS HIDDEN SITE HAS BEEN SEIZED

The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware.

This action has been taken in coordination with the United States Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice with substantial assistance from Europol

Every few seconds, via the magic of an animated GIF, the message changes to one in Russian (presumably in an attempt to send a powerful message to other ransomware gangs).

A US Department of Justice press release has announced that the FBI penetrated Hive’s infrastructure in late July 2022, capturing decryption keys, and offering them to victims worldwide so they do not have to pay a ransom.

In all, the FBI says it has provided over 300 decryption keys to Hive victims since July 2022. In addition, over 1,000 decryption keys were made available to past Hive victims.

The FBI says it continues to investigate the Hive ransomware-as-a-service operation. Whether this eventually results in the identification and prosecution of those involved in blackmailing organisations remains to be seen…


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
