Hive Ransomware Operation Apparently Shut Down by Law Enforcement

hive-ransomware-operation-apparently-shut-down-by-law-enforcement

The Hive ransomware operation appears to have been shut down as part of a major law enforcement operation involving agencies in 10 countries. 

A message displayed in English and Russian on the Hive ransomware operation’s Tor-based website reads: The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware.

Another message says the action was taken in coordination with Europol and authorities in Florida, which indicates that more details will likely be made available in the upcoming period by the Justice Department and Europol.

Until law enforcement agencies confirm the shutdown of Hive, there is a slight chance that the website seizure notice was posted by the cybercriminals themselves. Hacker groups falsely claiming to have been shut down by police is not unheard of. 

However, Allan Liska, a ransomware expert working for threat intelligence company Recorded Future, reported that the Hive infrastructure was seized. Liska also posted an image showing that many well-known ransomware groups have fallen.

The US government reported in November 2022 that the Hive ransomware gang had hit more than 1,300 businesses and made an estimated $100 million in ransom payments.

Data collected by the DarkFeed deep web intelligence project shows that Hive was still active last week. 

The Hive ransomware operation was launched in 2021. Offered under a ransomware-as-a-service (RaaS) model, the ransomware was often used against organizations in the healthcare sector, as well as other critical infrastructure. 

The hackers used malware to encrypt the target’s files, but not before stealing data that could be used to pressure the victim into paying up. 

A free decryptor for files encrypted with the Hive ransomware was released by a South Korean cybersecurity agency in the summer of 2022. 

Related: Russia Lays the Smackdown on REvil Ransomware Gang

Related: Six Arrested for Roles in Clop Ransomware Operation

Related: DarkSide Ransomware Shutdown: An Exit Scam or Running for Hills?

The post Hive Ransomware Operation Apparently Shut Down by Law Enforcement appeared first on SecurityWeek.

Riot Games Says Source Code Stolen in Ransomware Attack

riot-games-says-source-code-stolen-in-ransomware-attack

Video games developer Riot Games on Tuesday confirmed that source code was stolen from its development systems during a ransomware attack last week.

The incident was initially disclosed on January 20, when the company announced that systems in its development environment had been compromised and that the attack impacted its ability to release content.

“Earlier this week, systems in our development environment were compromised via a social engineering attack. We don’t have all the answers right now, but we wanted to communicate early and let you know there is no indication that player data or personal information was obtained,” the company announced last week.

On January 24, Riot Games revealed that ransomware was used in the attack and that source code for several games was stolen.

“Over the weekend, our analysis confirmed source code for League, TFT, and a legacy anticheat platform were exfiltrated by the attackers,” the games developer said.

The company reiterated that, while the development environment was disrupted, no player data or personal information was compromised in the attack.

The stolen source code, which also includes some experimental features, will likely lead to new cheats emerging, the company said.

“Our security teams and globally recognized external consultants continue to evaluate the attack and audit our systems. We’ve also notified law enforcement and are in active cooperation with them as they investigate the attack and the group behind it,” Riot Games added.

The game developer also revealed that it received a ransom demand, but noted that it has no intention to pay the attackers. The company has promised to publish a detailed report of the incident.

According to Motherboard, the attackers wrote in the ransom note that they were able to steal the anti-cheat source code and game code for League of Legends and for the usermode anti-cheat Packman. The attackers are demanding $10 million in return for not sharing the code publicly.

Related: Ransomware Revenue Plunged in 2022 as More Victims Refuse to Pay Up: Report

Related: Ransomware Attack on DNV Ship Management Software Impacts 1,000 Vessels

Related: The Guardian Confirms Personal Information Compromised in Ransomware Attack

The post Riot Games Says Source Code Stolen in Ransomware Attack appeared first on SecurityWeek.