Skip to content
Quick exit
  • Cymraeg
  • Reporting SARs
Leading the UK's fight to cut serious and organised crime
  • Who we are
    • Our mission
    • Our people
    • Our leadership
    • Governance and transparency
    • Inclusion, diversity and equality
    • Publications
  • What we do
    • What we investigate
    • Border vulnerabilities
    • Bribery, corruption and sanctions evasion
    • Cyber crime
    • Child sexual abuse and exploitation
    • Drug trafficking
    • Illegal firearms
    • Fraud
    • Kidnap and extortion
    • Modern slavery and human trafficking
    • Money laundering and illicit finance
    • Organised immigration crime
    • Operation Stovewood: Rotherham child sexual abuse investigation
    • How we work
    • Intelligence: enhancing the picture of serious organised crime affecting the UK
    • Investigating and disrupting the highest risk serious and organised criminals
    • Providing specialist capabilities for law enforcement
    • Supporting victims and survivors
  • News
    • All news
  • Careers
    • How to join the NCA
    • Applying and onboarding
    • Current vacancies
    • A day in the life
    • Benefits and support
  • Most Wanted
  • Contact us
    • Verify an NCA Officer
    • Complaints
  • Home >
  • News >
  • HIVE takedown: NCA in international operation to shut down $100m ransomware threat

Share this page:

Share this page:

News

HIVE takedown: NCA in international operation to shut down $100m ransomware threat

  • Cyber crime

An international operation involving the National Crime Agency has taken down a ransomware service used by cyber criminals to attack and extort businesses across the globe.

The activity, led by the FBI and German law enforcement and supported by NCA cyber crime investigators, saw servers of the HIVE strand of ransomware taken offline today (26 January). Image of the hive splash picture used online

Anyone attempting to access HIVE infrastructure will now be met with a law enforcement splash page, explaining that the network has been seized and is no longer available for use.

HIVE was available to purchase on the dark web and enabled criminals to launch ransomware attacks on their targets.

It would usually be sent to victims as an attachment to a phishing email which, when opened, would infect their computers and encrypt their systems until a ransom payment was made.

Victim organisations failing to pay could have their data published.

Since June 2021, the HIVE ransomware group has targeted more than 1,300 victims around the world and received more than $100 million in ransom payments.

The FBI developed the capability to circumvent HIVE encryption and NCA cyber crime investigators supported a number of victims in the UK to remove the impact of the ransomware from their systems.

It has impacted approximately 50 corporate victims in the UK, including in the housing, haulage, commercial and education sectors, since it was first identified in April 2021.

Other partners involved in the operation include the US Secret Service, Canada, Germany, France, Romania, Lithuania, Sweden, Norway, Portugal, Spain and Ireland.

Paul Foster, Deputy Director of the NCA’s National Cyber Crime Unit, said:

“HIVE was a service which enabled cyber criminals to steal millions from businesses across the globe, with several UK organisations suffering significant disruption and financial losses.

The combined might of international law enforcement, which includes NCA officers, is a tremendous example of action to take down illegal IT infrastructure.

“We continue to work closely with partners to bolster our capability to tackle this national security threat and strengthen the UK’s response to cyber crime.

“I would urge any businesses that may have been a victim of cyber-crime to come forward and report such incidents to law enforcement.”

26 January 2023

Latest from twitter

Share this page:

TOP ˄
0370 496 7622
NCA general enquiries or to verify an NCA officer, available 24/7
Click CEOP logo: Advice, Help, Report

  • Who we are

  • Our mission

  • What we do

  • How we investigate
  • How we work

  • News

  • Most wanted

  • Careers

  • A day in the life
  • Current vacancies

  • Contact us

  • Operation Stovewood
  • Suspicious activity reports
  • Verify an NCA officer
  • Complaints

Follow us

  • Sitemap
  • Privacy and Cookie Policy
  • Terms and Conditions
  • Publications
  • Accessibility statement
© Crown Copyright
© Crown Copyright