Gardaí have been involved in an international policing operation to shut down the Hive ransomware operation, which has extorted more than €100 million from more than 1,300 victims worldwide.
Since it first emerged in 2021, more than 1,500 companies and institutions have been hacked with their IT systems or databases encrypted by Hive and backups deleted or rendered inaccessible.
The hackers would demand large payments, often in cryptocurrency, in exchange for freeing up the systems.
Superintendent Pat Ryan told RTÉ's News at One that Hive has been identified as a major threat to international security, and has been used to compromise and encrypt data of computer systems belonging to businesses and multi-nationals in Europe and elsewhere.
Hive and its affiliates have attacked over 1,500 victims in over 80 countries, he said.
Developers provide the software and affiliates carry out the attacks; the ransom paid by victims is then split between them, for example 80% to the affiliates and 20% to the developers.
The international policing operation has involved the shutting down of the servers used to carry out attacks.
Superintendent Ryan said that, as a result of law enforcement efforts, the operation has provided over 300 decryption keys to victims and saved them an estimated €120 million or more in ransom demands.
He said that gardaí have been investigating a number of Hive ransomware attacks that have targeted Irish-based victims, and have been able to provide keys to get access to their data without having to give in to ransom demands.
Superintendent Ryan said this group tend to focus their attacks on larger businesses and critical national infrastructure across the globe.
He said that companies may not be aware that their systems have been compromised until it's too late, and he advised businesses to update their systems regularly and use anti-virus software, as well as regularly backing up their data.
FBI hacked into Hive
The FBI revealed that it had secretly hacked and disrupted Hive, a maneuver that allowed the bureau to thwart the group from collecting more than $130 million in ransomware demands.
At a news conference, US Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy US Attorney General Lisa Monaco said government hackers broke into Hive's network and put the gang under surveillance, surreptitiously stealing the digital keys the group used to unlock victim organisations' data.
They were then able to alert victims in advance so they could take steps to protect their systems before Hive demanded the payments.
"Using lawful means, we hacked the hackers," Monaco told reporters. "We turned the tables on Hive."
News of the takedown first leaked on Thursday morning when Hive's website was replaced with a flashing message that said: "The Federal Bureau of Investigation seized this site as part of coordinated law enforcement action taken against Hive Ransomware."
Hive's servers were also seized by the German Federal Criminal Police and the Dutch National High Tech Crime Unit.
"Intensive cooperation across national borders and continents, characterised by mutual trust, is the key to fighting serious cybercrime effectively," said German police commissioner Udo Vogel in a statement from police and prosecutors in the state of Baden-Wuerttemberg, who assisted in the probe.
The takedown of Hive is distinct from some of the other high-profile ransomware cases the US Justice Department has announced in recent years, such as a cyber attack in 2021 against the Colonial Pipeline Co.
In that case, the Justice Department seized some $2.3 million in cryptocurrency ransom after the company had already paid the hackers.
Here, there were no seizures because investigators intervened before Hive demanded the payments. The undercover infiltration, which started in July 2022, went undetected by the gang until now.