US infiltrates big ransomware gang: 'We hacked the hackers'

Published January 27, 2023, 07:39; updated 07:41.

Photo caption: Deputy Attorney General Lisa Monaco, flanked by Attorney General Merrick Garland, left, and Federal Bureau of Investigation (FBI) Director Christopher Wray, speaks during a news conference to announce an international ransomware enforcement action, at the Department of Justice in Washington, Thursday, Jan. 26, 2023. The FBI has seized the website of a prolific ransomware gang that has heavily targeted hospitals and other healthcare providers. (AP Photo/Jose Luis Magana)

By Eric Tucker and Frank Bajak

WASHINGTON: The FBI and international partners have at least temporarily disrupted the network of a prolific ransomware gang they infiltrated last year, saving victims including hospitals and school districts a potential $130 million in ransom payments, Attorney General Merrick Garland and other U.S. officials announced Thursday.

"Simply put, using lawful means we hacked the hackers," Deputy Attorney General Lisa Monaco said at a news conference.

Officials said the targeted syndicate, known as Hive, is among the world's top five ransomware networks and has heavily targeted health care. The FBI quietly accessed its control panel in July and was able to obtain software keys it used with German and other partners to decrypt networks of some 1,300 victims globally, said FBI Director Christopher Wray.

How the takedown will affect Hive's long-term operations is unclear. Officials announced no arrests but said, to pursue prosecutions, they were building a map of the administrators who manage the software and the affiliates who infect targets and negotiate with victims.

"I think anyone involved with Hive should be concerned because this investigation is ongoing," Wray said.

On Wednesday night, FBI agents seized computer servers in Los Angeles used to support the network. Two Hive dark web sites were seized: one used for leaking data of non-paying victims, the other for negotiating extortion payments.

"Cybercrime is a constantly evolving threat, but as I have said before, the Justice Department will spare no resource to bring to justice anyone anywhere that targets the United States with a ransomware attack," Garland said.

He said the infiltration, led by the FBI's Tampa office, allowed agents in one instance to disrupt a Hive attack against a Texas school district, stopping it from making a $5 million payment.

It's a big win for the Justice Department. Ransomware is the world's biggest cybercrime headache with everything from Britain's postal service and Ireland's national health network to Costa Rica's government crippled by Russian-speaking syndicates that enjoy Kremlin protection.

The criminals lock up, or encrypt, victims' networks, steal sensitive data and demand large sums. Their extortion has evolved to where data is pilfered before ransomware is activated, then effectively held hostage. Pay up in cryptocurrency or it is released publicly.

As an example of a Hive sting, Garland said it kept one Midwestern hospital in 2021 from accepting new patients at the height of the COVID-19 epidemic.

The online takedown notice, alternating in English and Russian, mentions Europol and German law enforcement partners. The German news agency dpa quoted prosecutors in Stuttgart as saying cyber specialists in the southwestern town of Esslingen were decisive in penetrating Hive's criminal IT infrastructure after a local company was victimized.

In a statement, Europol said companies in more than 80 countries, including oil multinationals, have been compromised by Hive and that law enforcement from 13 countries was in on the infiltration.

A U.S. government advisory last year said Hive ransomware actors victimized over 1,300 companies worldwide from June 2021 through November 2022, netting about $100 million in payments. Criminals using Hive's ransomware-as-a-service tools targeted a wide range of businesses and critical infrastructure, including government, manufacturing and especially health care.

Though the FBI offered decryption keys to some 1,300 victims globally, Wray said only about 20% reported potential issues to law enforcement.

"Here, fortunately, we were still able to identify and help many victims who didn't report. But that is not always the case," Wray said. "When victims report attacks to us, we can help them and others, too."

Victims sometimes quietly pay ransoms without notifying authorities - even if they've quickly restored networks - because the data stolen from them could be extremely damaging to them if leaked online. Identity theft is among the risks.

John Hultquist, the head of threat intelligence at the cybersecurity firm Mandiant, said the Hive disruption won't cause a major drop in overall ransomware activity but is nonetheless "a blow to a dangerous group."

"Unfortunately, the criminal marketplace at the heart of the ransomware problem ensures a Hive competitor will be standing by to offer a similar service in their absence, but they may think twice before allowing their ransomware to be used to target hospitals," Hultquist said.

But analyst Brett Callow with the cybersecurity firm Emsisoft said the operation is apt to lessen ransomware crooks' confidence in what has been a very high-reward, low-risk business. "The information collected may point to affiliates, launderers and others involved in the ransomware supply chain."

Allan Liska, an analyst with Recorded Future, another cybersecurity outfit, predicted indictments, if not actual arrests, in the next few months.

There are few positive indicators in the global fight against ransomware, but here's one: An analysis of cryptocurrency transactions by the firm Chainalysis found ransomware extortion payments were down last year. It tracked payments of at least $456.8 million, down from $765.6 million in 2021. While Chainalysis said the true totals are certainly much higher, payments were clearly down. That suggests more victims are refusing to pay.

The Biden administration got serious about ransomware at its highest levels two years ago after a series of high-profile attacks threatened critical infrastructure and global industry. In May 2021, for instance, hackers targeted the nation's largest fuel pipeline, causing the operators to briefly shut it down and make a multimillion-dollar ransom payment, which the U.S. government later largely recovered.

A global task force involving 37 nations began work this week. It is led by Australia, which has been particularly hard-hit by ransomware, including a major medical insurer and telecom. Conventional law enforcement measures such as arrests and prosecutions have done little to frustrate the criminals. Australia's interior minister, Clare O'Neil, said in November that her government was going on the offense, using cyber-intelligence and police agents to "find these people, hunt them down and debilitate them before they can attack our country."

The FBI has obtained access to decryption keys before. It did so in the case of a major 2021 ransomware attack on Kaseya, a company whose software runs hundreds of websites. It took some heat, however, for waiting several weeks to help victims unlock afflicted networks.

(Bajak reported from Boston. Associated Press writer Kirsten Grieshaber in Berlin contributed.)
