The Romanian Police, together with the Department for Investigating Organised Crime and Terrorism (DIICOT), Europol, the German, Dutch and US authorities, have contributed to the dismantling of an HIVE ransomware group that since June 2021 has hacked over 1,500 companies in more than 80 countries causing damage in excess of 100,000,000 euros, according to Agerpres.

„Last year, HIVE ransomware was identified as a major threat, as it was used to compromise and encrypt data and computer systems of large IT companies and oil multinationals in the European Union and the US,” the General Inspectorate of the Romanian Police (IGPR) reported on Thursday.

Following the police action, the decryption keys were identified and made available to several victims, which allowed them to regain access to their data without paying ransom to the hackers.

Part of the criminal mechanism, the hackers executed the cyber-attacks, while the HIVE ransomware was created, maintained and updated by developers.

The suspects are reported to have attacked the companies in various ways. Some members allegedly obtained data by distributing phishing e-mails, exploiting the vulnerabilities of the operating systems of the attacked devices.

Europol and other European Union member states managed to prevent several companies from becoming victims of the HIVE software. The judicial authorities made the decryption keys available to the companies, so that they no longer pay the ransom, thus preventing ransom payments of over 120,000,000 euros.

„Europol facilitated the exchange of information, supported the coordination of the operation and financed operational meetings in Portugal and the Netherlands. Europol also provided analytical assistance, gathering data related to several criminal cases, both from the European Union and outside it, and supported the investigation through the analysis of cryptocurrencies, malware and forensic analysis.”

The operation was also assisted by Europol’s cybercrime working group made up of liaison officers from several countries who work on cases related to large-scale computer crimes.

In Romania, the HIVE ransomware group infected the IT infrastructure of several medium and large-sized companies in the category of essential services, disrupting the operation of their IT systems and the performance of their activities.

According to IGPR, an affiliate of the HIVE ransomware group was apprehended and sent to court in 2021-2022 after an investigation carried out by the police officers of the Directorate for Combatting Organised Crime – the Service for Combatting Cyber-Crime and the Craiova Brigade for Combatting Organised Crime, together with DIICOT, with support from the FBI and Europol.

Agerpres