Date: 2023-01-27

Gardaí took part in a multi-agency operation which saw the destruction of the servers and infrastructure of a hacking group that have brought “a great deal of distress to Irish people”.

The HIVE Ransomware gang were responsible for extorting more than €100m from large companies worldwide, including some Irish businesses.

The Garda National Cyber Crime Bureau participated in Operation Downbreaker, a EUROPOL and internationally-supported operation targeting the HIVE Ransomware Group.

Agencies such as the FBI and a host of European police forces also took part.

The operation has now shut down the servers and technical infrastructure utilised by the Ransomware group.

Since November 2022, over 1,300 companies worldwide have fallen victim to the associates of the HIVE Ransomware Group and have paid almost €100 million in ransom payments.

The FBI said that the operation prevented the gang from extorting a further €100m from 300 more potential victims.

Government hackers broke into Hive's network and put the gang under surveillance, surreptitiously stealing the digital keys the group used to unlock victim organisations' data, the FBI said.

They were then able to alert victims in advance so they could take steps to protect their systems before Hive demanded the payments.

In the past year, HIVE ransomware has been identified as a major threat to international security as it has been used to compromise and encrypt the data and computer systems of large IT and multinationals in Europe and elsewhere.

Both cohorts are cybercriminals who used HIVE to copy data and then encrypt a victim’s files. The affiliates then asked for a ransom both to decrypt the files and to not publish the stolen data on the HIVE Leak Site. When the victim paid, the ransom was split between affiliates (80pc) and developers (20pc).

This is what is known as the ‘ransomware-as-a-service’ (RaaS) model that in recent years has perpetrated high-level attacks often targeting companies maintaining critical infrastructures such as Government agencies, healthcare and telecommunications.

The Irish health service was crippled for a number of weeks in 2021 when it was hacked by the Conti ransomware gang. A ransom was demanded from the Irish government, who said they did not pay it.

As part of their direct involvement in Operation Downbreaker, Gardaí attached to GNCCB have participated in several operational meetings and are currently involved in the investigation of a number of HIVE Ransomware incidents that targeted Irish victims.

The work of Gardaí as part of this operation has ensured that the Irish-based victims of HIVE are supported and have been provided with decryption keys to regain access to their data without paying the cybercriminals.

The work of GNCCB as part of this operation has prevented more private companies from falling victim to HIVE ransomware.

Detective Chief Superintendent at the Garda National Cyber Crime Bureau, Barry Walsh said: "This is an excellent result that has come from a lot of painstaking work carried out by Gardaí in the Cyber Crime Bureau and together with our colleagues across the world.

"It underscores the immense value of co-ordinating a collective law enforcement response to emerging criminality.

"The HIVE Ransomware Group has caused a great deal of distress to people in Ireland, and has upset their daily lives in more ways than one. This is not just about the monetary loss suffered by victims, but the significant disruption that a cyberattack causes.”

"We will further maximise this work and stay focused on targeting the tactics and methods of cybercriminals which affect victims here in Ireland,” Chief Supt Walsh added.