Lessons From Hive Ransomware Multinational Takedown: Coordination and Defensive Priorities

infrastructure of one of the most prolific and extremely active ransomware groups, Hive, responsible for many ransomware attacks, including against hospitals. With access to Hive’s computer networks since last summer, the FBI obtained decryption keys for 336 victims across the globe, preventing them from paying $130 million worth of demanded extortion payments – evidence of its ability to provide substantial assistance to victims of cybercrimes. In this second installment of our two-part article series, with insights from legal and cybersecurity experts, we offer measures to prevent these attacks and discuss the importance of coordination with law enforcement, including how it worked in this instance. Part one discussed the history and tactics of Hive, the takedown and contributing factors to the decline in ransomware. See our two-part series on a ransomware tabletop’s 360-degree incident response view: “Days One to Four” (Feb. 1, 2022); and “Day Five Through Post-Mortem” (Feb. 15, 2023).

To read the full article

Continue reading your article with an ACR subscription.