screengrab captured by CNN shows a website hosted by Hive Ransomware seized by the FBI
This screengrab captured by CNN shows a website hosted by Hive Ransomware seized by the FBI. The website, in Russian, says, "The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware."

Hacking group suspected of IT attacks on Portuguese hospitals, councils and hotels “dismantled”

Group’s website “hacked” by law enforcement

PJ judicial police have announced today that the force participated in an international operation that has dismantled the HIVE group, suspected of having attacked several Portuguese entities from whom it attempted to extort large sums of money.

Among victims in this country have been hospitals, laboratory analysis companies, municipalities, transport/ aviation firms, hotels, and even tech enterprises.

According to the PJ, the HIVE gang was one of the most relevant cybercriminal groups worldwide.

It used what was described as the “double extortion method“, meaning before encrypting data, it stole sensitive information from the victim’s network. Then the group demanded a ransom for the data to be decrypted and the stolen information not to be published on the its website, hosted on the dark web.

Investigations, which lasted several months, were carried out by several international partners, including the PJ’s National Unit for Combating Cybercrime and Technological Crime (UNC3T), which hosted one of the week-long operational working sessions, attended by more than 30 police officers from the 13 countries involved in the operation (Germany, Canada, Spain, United States, France, Ireland, Lithuania, Netherlands, Norway, Portugal, United Kingdom, Romania and Sweden).

“Cooperation between the various international partners has made it possible to identify the technological infrastructure used by the members of this criminal group, as well as the private keys used by them to encrypt the victims’ data”, said a statement today released by the PJ. 

“As a result, law enforcement services were able to learn about attacks before they occurred and warn targets, and to obtain and distribute decryption keys to victims, preventing approximately €120 million in ransom payments”.

In the US, where HIVE targeted multiple concerns, deputy attorney general Lisa Monaco explained today’s news as “simply put, using lawful means, we hacked the hackers…

The mystery remains however as to who the people behind this operation might be.

FBI director Christopher Wray has said investigators will continue to track them “and try and arrest them”.

It is not even clear where these people are located.

According to US investigators cited by CNN, they are “possibly Russian-speaking”.

[email protected]