The Department of Justice has disrupted the operations of a ransomware group known as Hive, helping victims avoid $130 million in ransom payments, the agency said Thurday.
Hive used a network of "affiliates" to extort hospitals, infrastructure operators, school districts, financial institutions and more in 80 countries around the world, according to the DOJ. Hive's malware would encrypt computer systems after affiliates stole sensitive documents. Affiliates would demand ransom for both the data and a decryption key.
The Justice Department infiltrated the group starting in July 2022, according to a release.
The DOJ said it has delivered decryption keys to 300 entities that were currently under attack and 1,000 decryption keys to previous victims of the group. Hive had targeted over 1,500 victims worldwide world since 2021, the department said.
Experts have warned that cyberattacks on critical infrastructure remain a serious threat. In 2021, a ransomware attack shut down the Colonial Pipeline for five days in the US and concern over gas shortages cause prices to jump.