Beginning this past July, the Federal Bureau of Investigation – with the support of overseas law enforcement agencies from Canada to Lithuania and victim property operators in various sectors – has confiscated the servers and websites of the Hive ransomware network, FBI Director Christopher Wray announced Thursday.
The American Hospital Association says the disruption makes hospitals safer from high-impact ransomware attacks.
The honeycomb network was seized
US Attorney General Merrick Garland yesterday said that on the evening of January 25, a months-long investigation resulted in the seizure of Hive’s websites and servers.
According to the US Department of Justice announcement, the FBI first gained access to Hive’s computer network, then obtained its decryption keys and made them available to victims around the world.
Working with international partners, Hive’s websites and communication networks were also seized.
Director Wray said the collaborative investigation had “cut off the gas that ignited the Hive” and “crippled Hive’s ability to re-ignite,” in a statement posted on the FBI’s website.
Although nothing has been released yet, the DOJ said it is pursuing criminal arrests by the organization with links to Russia.
A win for patient safety
The Cybersecurity and Infrastructure Agency said in a National Cyber Awareness System alert in November that threat actors using Hive ransomware have fallen victim to more than 1,300 companies. worldwide as of June 2021, collecting approximately $100 million in ransom.
By April 2022, the Health Industry Cybersecurity Coordination Center warned that Hive ransomware deployers were keen to target healthcare organizations.
While recommending adherence to standard cyber defenses, HC3 acknowledges that its tactics, techniques, and procedures are difficult to counter.
According to John Riggi, AHA’s national risk and cybersecurity adviser, the removal of HIVE ransomware “will make hospitals safer from high-impact ransomware attacks that have disrupted supply provide health care and jeopardize patient safety”.
Empowering Cyber Attack Victims in Healthcare
Communication and coordination is something that healthcare and healthcare IT leaders in both the public and private sectors cannot emphasize enough.
“As U.S. Attorney General Garland has stated, this coordinated international law enforcement action is supported with the cooperation of victims – including hospitals – and through vigorous exchange of information. news about cyberthreats to the private sector,” said Riggi Healthcare IT News by email.
Empowering healthcare organizations to seek out and actively work with federal investigators, competitors, and others is an obstacle to be addressed in public and private discussions. . The AHA encourages hospitals and other healthcare ransomware targets to step up and share information, and the FBI asks them to contact them when attacked.
Members of the FBI have also assured that the agency will not fall victim to a calling organization when it comes to cyberattacks.
William McDermott, FBI special agent, told attendees of the HIMSS 2022 Cybersecurity Conference in December: “We certainly wouldn’t show up in an FBI raincoat because that would make the victim a victim of a victim. “.
He also said that while they are providing assistance, FBI cybersecurity investigators will not scour vendor networks for compliance breaches. He noted that the FBI has prevented cyberattacks in the healthcare sector, such as those on the Butler County Health Care Center in David City, Nebraska, and Boston Children’s Hospital.
A successful offense by the government
The subpoenas on the Hive leak site are a lot of law enforcement seals, like reported by Kevin Collier of NBC News.
He also said an affidavit indicates that “Hive’s backend server is hosted at a vendor in Los Angeles” and includes an image of a partially edited document.
“The Department of Justice will spare no effort to identify and bring to justice anyone, anywhere, targeting the United States with a ransomware attack,” Garland said.
Since Hive was hacked, the FBI has provided more than 300 decryption keys to hacked victims and more than 1,000 keys to previous victims.
“We will continue to work to prevent these attacks and provide assistance to targeted victims. And together with our international partners, we will continue to disrupt networks. criminals deploy these attacks,” Garland asserts.
The AHA is a staunch advocate of prioritizing ransomware attacks against hospitals as a threat to cybercriminals, and using federal capabilities to disrupt crypto organizations. extortion poison.
“Over the past few years, we have publicly and privately advocated the implementation of this strategy to not only raise awareness of the seriousness of these attacks against hospitals and service providers our health care services but also to prevent them from happening,” said Riggi.
“The AHA is proud to partner with all federal law enforcement, health care, and national security agencies to facilitate and enhance the rapid and effective exchange of information about relationships.” cyberthreats to the field – to help protect and protect healthcare providers and patients against these cyberthreats,” he added..
Comments by email Tom Kellermann, senior vice president of strategic cybersecurity and application development provider Contrast Security, called the Hive-turned collaboration historic.
“The International Ransomware Task Force is having an impact,” he said.
Andrea Fox is the senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS.
